TOKYO -- Nine factories across six countries.
That was the scale of a cyberattack that hit Honda Motor this week, as what is believed to be ransomware silently infiltrated the automaker’s internal network, disrupting essential systems and halting production on a global level.
Monday's assault provided clear evidence of the risks companies face as they become more connected through Internet of Things technology. More offices and factories are adopting this smart technology to accommodate people working from home because of the coronavirus pandemic, opening the door to exponentially more cyberattacks.
"Some companies have begun controlling core factory operations remotely in response to the coronavirus," said Toshihiro Fukuda at JT Engineering, Japanese tech company. "Risks are only going to grow."
Cyberattacks targeting manufacturers increased sevenfold between January and April, according to security software provider McAfee. Financial losses caused by data breaches increased 270% on the year in January-March to $8.4 billion.
Honda managed to put most of its affected sites back online, but one plant in the U.S. state of Ohio and another in Brazil remained idle as of Wednesday. Operations were also affected in Japan, Italy, Turkey and the U.K.
Ransomware essentially holds victims hostage by blocking access to computers through encrypting important files, forcing the owners to pay a ransom to unlock the devices. The attack can be particularly insidious, spreading to other computers and machinery operating on the same network.
In January, ransomware forced Picanol, a Belgian weaving machine maker, to halt operations in Europe and China. Australia's BlueScope Steel was also hit in May.
Non-manufacturers have been affected as well. Leading European hospital operator Fresenius suffered a ransomware attack in May, which interfered with dialysis machines.
Many of these attacks were exacerbated by the greater use of the Internet of Things. Companies are connecting more equipment to the internet so they can adjust production and remotely monitor facilities. But this means there are more parts that are now also vulnerable to cyberattacks. Hackers have been using network diagnostics tools and other measures to look for vulnerabilities in different facilities.
Meanwhile, 26% of companies surveyed by KPMG Consulting did not have any division overseeing security at factory management systems.
The age of factory equipment adds to concerns. According to a study published last year by the Japan Machinery Federation, over 60% of Japan's manufacturing equipment were at least 10 years old. Many of them were controlled by computers using older operating systems no longer supported by their producers, making them particularly vulnerable to external attacks.