Posted on June 11, 2020 at 2:49 PM
Japanese car manufacturer Honda confirmed that it was attacked by a malware group. As a result, its operations were slightly disrupted while the problem was fixed.
The car company’s Customer Service posted the information on Twitter on June 8, saying that both financial services and customer services were unavailable because of technical difficulties.
Honda has confirmed the incident
A spokesperson announced the hacking incident yesterday. “Honda can confirm that a cyber attack has taken place on the Honda network,” the spokesperson said.
The attack is widely known to be the work of a ransomware group called “Snake”.
With a market capitalization of £22 billion, the automobile giant has disclosed that production and sales have suffered setbacks because of the attack.
This hacking incident comes at a time when the automobile industry is under-producing globally because of the Coronavirus pandemic.
The attack is a result of an Elasticsearch database vulnerability
The report reveals that the attack comes after Honda exposed an Elasticsearch database to the public, in which security researchers discovered more than 40GB of data about the company’s internal devices and systems.
Justin Paine, the security researcher who discovered the database at the time, said the data appeared to be an inventory of all internal machines.
The data included details such as operating system version, internal IP, MAC address, the machine hostname, and the status of the car giant’s endpoint security software. However, Honda has patched the vulnerability.
Scanning for exposed factory automation endpoints is very common. But the nature of security on the networks, and how badly segmented they are, is not clear.
From the researcher’s findings, it seems Honda had publicly exposed some machines with Remote Desktop Protocol (RDP), which is a popular threat vector for ransomware operations.
The spokesperson also confirmed that there was no breach of any important information at that point. However, the firm is in the process of minimizing the impact and restoring the systems to their full operational capacity.
For the past 12 months, the automobile giant has sold 4.7 million vehicles across the world.
In a statement made by Honda on its Twitter page on June 8, the company said its security team is working hard to make sure all services and features are restored. Honda also apologized to customers and thanked them for their patience and understanding.
Honda’s financial services also down
Honda’s Twitter feed shows that both Honda Financial Service and Honda Customer Service were down.
Honda has also asked customers facing problems with their vehicles to send a message with their full name, most current contact number, email address, home address, and their car’s mileage. Honda says customers should send these only via DM on Twitter. But one of the customers posted the complete details publicly rather than through DM.
Snake ransomware was discovered last year
According to John Smith, a security analyst at Nuspire, the “Snake” ransomware has been around since the end of last year. Although the software is not sophisticated in itself, the interesting part is the extra functionality programmed into it to forcibly stop processes. This mostly affects items involved in Industrial Control Systems (ICS) operations.
A Reddit commenter on the incident stated that in the 2000s, isolating the ICS network was not considered important. In several instances, facilities wanted to integrate it with the rest of the network to enable management to run reports and verify production levels on the floor.
Cybereason’s chief security officer, Sam Curry, added that the attack on Honda is a clear indication that strategic and sophisticated ransomware attacks are on the increase. If the hackers are asking for a substantial sum as ransom, it’s probably because the attackers are holding very vital information Honda badly needs to get back, but it’s not right to speculate about such an outcome.
He pointed out that there should be increased security awareness and hygiene to help curb the increasingly sophisticated cyber theft and ransomware actors. It’s important to utilize threat hunting services to develop proper action against malware attacks. He advised that business organizations should beef up their systems in preparation for an imminent attack.