Experts Insight On Honda Confirms Its Network Has Been Hit By Cyberattack

Honda has confirmed it has been hit with a cyber attack which has impacted some of its operations, including production systems outside of Japan. “Honda can confirm that a cyber attack has taken place on the Honda network,” a spokesperson said. “We can also confirm that there is no information breach at this point in time”. The company added: “Work is being undertaken to minimize the impact and to restore full functionality of production, sales and development activities. At this point, we see minimal business impact”. The company said it had experienced difficulties accessing servers, email and internal systems and that there was also an impact on production systems outside of Japan. It said its “internal server” was attacked externally and a “virus” had spread – but that it would not disclose any further details for security reasons.


EXPERTS COMMENTS
Chris Kennedy, CISO and VP of Customer Success ,  AttackIQ
June 11, 2020
One department getting hit with ransomware should not impact other core business processes.
It appears Honda has suffered a business crippling SNAKE ransomware attack. The international automotive giant was also impacted by WannaCry in 2017. It’s concerning that Honda seems to not have made significant changes to their security program to address like threats – SNAKE and WannaCry share some principles of effects. This strain of ransomware doesn’t steal data, so Honda customer inf ....
[Read More >>]
Oleg Kolesnikov, VP of threat research,  Securonix
June 10, 2020
one of the things that sets the "snake/ekans" malicious threat actor reportedly involved in the Fresenius ransomware attack
In our experience, one of the things that sets the "snake/ekans" malicious threat actor reportedly involved in the Fresenius ransomware attack apart is a relatively high amount of manual effort/targeting typically involved in the operator placement activity, which can sometimes enable them to have a bigger impact on the victims. With some of the recent attacks observed, it appears that the malicio ....
[Read More >>]
Josh Smith, Security Analyst,  Nuspire
June 10, 2020
A sample of SNAKE was uploaded to VirusTotal from Japan that attempts to connect to mds[.]honda[.]com.
EKANS (SNAKE) Ransomware was identified around the end of 2019 and while the ransomware itself wasn’t very sophisticated, what made it interesting was that it had additional functionality programmed into it to forcibly stop processes, especially items involving Industrial Control Systems (ICS) operations. A sample of SNAKE was uploaded to VirusTotal from Japan that attempts to connect to mds[. ....
[Read More >>]
Chloé Messdaghi, VP of Strategy,  Point3 Security
June 10, 2020
organizations are turning to gamified training platforms to help keep security teams engaged and equipped
We’ve all seen global corporations put strong security stacks in place and even so, fall victim to ransomware, and a major take-away is: train and invest in your security team. It’s more important than ever to prevent security team burnout, which can easily happen given talent shortages, skills gaps and the unique pressures the current pandemic is presenting. That’s why many organizations ar ....
[Read More >>]
Chris Clements, VP,  Cerberus Sentinel
June 10, 2020
The malware exits immediately if associations with Honda are not detected.
A well-known information security best practice is isolating any internet accessible servers into a DMZ network that has extremely limited access to any other networks in an organization to prevent widespread damage in the event a single system is compromised. Honda’s statement that an internal server was externally attacked could mean that they did not take this step to prevent an attacker pro ....
[Read More >>]
Patrick Hamilton, Security Evangelist ,  Lucy Security
June 10, 2020
The ransom note is written in nearly perfect English, rare form for threat actors.
Japanese companies are renowned for tight control and shipshape order. Creators of the new Snake ransomware may have one-upped Honda. The ransom note is written in nearly perfect English, rare form for threat actors. The threat uses sophisticated marketing psychology—almost like reading a friendly message from Amazon. How did venomous malware infiltrate such a tightly controlled organization? Pr ....
[Read More >>]
Paul Bischoff, Privacy Advocate,  Comparitech
June 10, 2020
Attackers might have tricked a Honda employee into clicking a link that downloaded a ransomware-infected file, for example.
Based on the limited information Honda has released about the attack, this looks like the result of ransomware. Given that many operations are shut down, but no data was stolen, ransomware is the most obvious culprit. Attackers might have tricked a Honda employee into clicking a link that downloaded a ransomware-infected file, for example. If Honda has proper backup systems in place, it should be ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article