Nissan Financial Services Hit in Trans-Tasman Cyber Attack

Investigations suggest ‘financially-motivated cyber attacks’ are now outstripping those from traditional state-sponsored actors.
Nissan Financial Services Hit in Trans-Tasman Cyber Attack
A logo in a car showroom of Japan's Nissan Motor at Tokyo's Ginza district on May 12, 2022. Charly Triballeau/AFP via Getty Images
Jim Birchall
Updated:
0:00

A vehicle and plant financial services business that operates across Australia and New Zealand has fallen victim to a cyber attack that forms part of an increasing spate of nefarious intrusions from hackers who traditionally have concentrated on disrupting the infrastructure of nations.

Australian and New Zealand Nissan Corporation and Financial Services was hit by a cyber-attack on Dec. 7, that potentially compromised customers’ information.

In a statement on its homepage, Nissan said they are “Working with its global incident response team and relevant stakeholders to investigate the extent of the incident and whether any personal information has been accessed.”

In a recently released report, New Zealand’s National Cyber Security Centre (NCSC) highlighted “rapid advances in AI and early signs of it being used” and said their investigations suggest “financially-motivated cyber attacks” are now outstripping those from traditional state-sponsored actors intent on causing economic instability and espionage, interfering in elections and silencing journalists.

Russia has employed cyber attacks in its war with Ukraine, with the overarching aim to cripple infrastructure like power grids. Hackers linked to the Chinese military have also increased attempted infiltration of essential services in the United States causing concern should conflict arise in the Indo-Pacific region.

In the NCSC’s most recent report, it was estimated the agency has reduced $65 million (US$40 million) worth of harm from Malware, ransomware, and distributed denial-of-service (DDoS) activity, to “nationally significant organisations” like those involved in power production, and the supply of electricity and internet services.

In their 15-page 2021/22 report, Deputy Director-General Lisa Fong said, “We see heightened determination from cyber-criminal actors attempting to extort payment from organisations.”

The NCSC recorded 90 financial attacks, versus 73 attacks with links to nation-states, and noted Chinese hackers “were able to use legitimate tools existing on victim networks to maintain access to significant targets overseas, without detection.”

A 2013 Nissan Pathfinder at Star Nissan in Niles, Ill., on Dec. 3, 2012. (Scott Olson/Getty Images)
A 2013 Nissan Pathfinder at Star Nissan in Niles, Ill., on Dec. 3, 2012. Scott Olson/Getty Images

The National Cyber Security Centre’s report suggests those tasked with policing attacks are being stretched to deflect the attacks made more significant by rapid advances in the space offered by AI technology.

“AI can quickly synthesise derivative malware that could evade technical detection capabilities.”

The report added that although major attacks in New Zealand have decreased slightly in the last quarter to September, their sophistication and potential for bigger damage had risen on the back of the AI advances.

On the flip side, the report highlighted the efficiency of AI in identifying potential threats with more clarity by “surmising” data that at face value may seem banal or without obvious threat.

Service Centres Potentially Affected

In terms of remedial action, Nissan said it was asking its customers to “have patience with us and our staff while we do our best to work through these issues.”

On Dec. 7, it was conveyed that only Nissan Financial Services had been affected by the hack and not its network of dealers who provide vehicle servicing.

However, in an update on Dec. 12, the company said some dealers may be affected and advised customers to contact service centres directly to advise of their operability.

“Nissan is working to restore its systems as soon as possible and will continue to provide updates by its website available via nissan.com.au and nissan.co.nz,” the firm said in the announcement.

Nissan said it had notified Australia and New Zealand’s cyber security centres, and it asked customers “to be vigilant across their accounts, including looking out for any unusual or scam activities.”

Jim Birchall
Jim Birchall
Author
Jim Birchall has written and edited for several regional New Zealand publications. He was most recently the editor of the Hauraki Coromandel Post.
Related Topics