Car maker Toyota is recovering from a cyber attack on its European and African financial services department that forced it to take systems offline. In a statement, Toyota Financial Services Europe and Africa said it recently identified unauthorized activity on systems in a limited number of its locations before taking certain systems offline to investigate.
While the car giant has not confirmed the source, nature or extent of the incident, the Medusa ransomware group has claimed responsibility. It said it has stolen data from Toyota Financial Services, giving the company 10 days to pay a US $8 million ransom.
Cyber security expert Kevin Beaumont noted on X (formerly Twitter) that Toyota’s internet-accessible systems are vulnerable to the “Citrix Bleed” vulnerability that has affected dozens of organizations and governments in the last month. Citrix Bleed (CVE-2023-4966) is a critical vulnerability affecting multiple versions of Citrix NetScaler Gateway and ADC products that could enable attackers to retrieve sensitive information and hijack user sessions.
Along with carrying out its own investigation into the incident, Toyota is working with law enforcement, the firm said. “In most countries, we have started bringing our systems back online. We are working diligently to get systems back online as soon as possible and we regret any inconvenience caused to our customers and business partners.” As of now, this incident is limited to Toyota Financial Services Europe and Africa, it added.
Earlier this year, Toyota was forced to apologize after a cloud misconfiguration exposed information on more than two million customers. “We believe that the main cause of this incident was that the rules for handling data were insufficiently explained and thorough,” the firm said.
The Medusa group is a ransomware-as-a-service (RaaS) gang that has operated since 2021. The actors normally gain access to systems through vulnerable Remote Desktop Protocol (RDP) services and phishing campaigns, then use PowerShell for command execution and erase shadow copy backups to prevent data restoration. The group is also known to escalate its system privileges, deactivate defense mechanisms and spread across networks.
The Medusa group recently attacked a technology company created by two of Canada’s largest banks. Earlier this year, the gang was behind attacks on an Italian water company, a Minnesota school district and the government organization that manages the healthcare system of the Philippines.
Cyber Security Hub, a division of IQPC