Honda could be a victim of a ransomware cyberattack
Computer networks of the giant automaker Honda in Europe and Japan have been affected by problems related to a SNAKE ransomware cyberattack.
Details are unclear at this time, but the company is investigating the cause of the problems that were detected Monday.
Problem confirmed, probably SNAKE ransomware
The company confirmed to BleepingComputer that its IT network is not working properly, but declined to provide further information on the nature of the problem as an investigation is conducted.
“Honda can confirm that there is a problem with its IT network. This is currently under investigation, to understand the cause,” a company representative told us.
As far as is known at the moment, the problems have not affected Japanese production or the activities of the distributor. Additionally, the company spokesperson said there is no impact on Honda's customers.
"In Europe, we are researching to understand the nature of any impact" - Honda
While the Japanese automaker is saying little about these events, a security researcher named Milkream has found a sample of the SNAKE (EKANS) ransomware, submitted to VirusTotal today, that checks for the internal Honda network name "mds.honda.com".
When BleepingComputer tried to analyze the sample, the ransomware started and exited immediately without encrypting any files.
The researcher claims that this is because the ransomware tries to resolve the domain "mds.honda.com"; if the name does not resolve, the ransomware exits without encrypting any files.
This check for an internal Honda domain is a very strong indicator that today's network outages are being caused by a SNAKE ransomware attack.
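A run like the one described above, where a sample fails to resolve a name and exits at once without touching files, leaves a recognisable trace in sandbox output. The following is an added example, not code from the original article or from the researcher: it flags such runs in a constructed event trace, and the event schema and the function name `find_dns_gated_exits` are hypothetical.

```python
from collections import defaultdict

# Constructed sandbox trace (hypothetical schema):
# (seconds since start, pid, event type, detail)
EVENTS = [
    (0.0, 101, "process_start", "sample.exe"),
    (0.4, 101, "dns_query", "mds.honda.com"),
    (0.9, 101, "dns_response", "mds.honda.com NXDOMAIN"),
    (1.0, 101, "process_exit", "0"),
    (0.0, 202, "process_start", "other.exe"),
    (0.3, 202, "dns_query", "example.org"),
    (0.5, 202, "dns_response", "example.org NOERROR"),
    (2.0, 202, "file_write", "C:\\Users\\a\\doc.txt"),
    (9.0, 202, "process_exit", "0"),
]

def find_dns_gated_exits(events, max_gap=5.0):
    """Return {pid: [names]} for processes that exited within max_gap
    seconds of a failed DNS lookup and never wrote a file."""
    per_pid = defaultdict(list)
    for ts, pid, kind, detail in sorted(events):
        per_pid[pid].append((ts, kind, detail))

    flagged = {}
    for pid, trace in per_pid.items():
        # A process that wrote files did real work; not an early bail-out.
        if any(kind == "file_write" for _, kind, _ in trace):
            continue
        exits = [ts for ts, kind, _ in trace if kind == "process_exit"]
        if not exits:
            continue
        exit_ts = exits[-1]
        failed = []
        for ts, kind, detail in trace:
            if kind != "dns_response":
                continue
            name, _, rcode = detail.partition(" ")
            # Failed lookup shortly before exit: likely an environment check.
            if rcode != "NOERROR" and 0 <= exit_ts - ts <= max_gap:
                failed.append(name)
        if failed:
            flagged[pid] = sorted(set(failed))
    return flagged

if __name__ == "__main__":
    for pid, names in find_dns_gated_exits(EVENTS).items():
        print(f"pid {pid}: exited after failed lookup of {', '.join(names)}")
```

A name flagged this way is worth comparing against your own internal DNS zones, since a match suggests the sample was built for your environment.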
Snake ransom note dropped by sample found today
credit: milkream
It is unclear how many systems are affected, but Snake is known to steal data before running its encryption routine.
Open database leaks confidential information
If this turns out to be an intrusion by an unauthorized party, it would be a significantly different security incident than the company had to deal with last year when poorly configured databases exposed confidential information on the public Internet.
In late July 2019, security researcher Justin Paine found an insecure ElasticSearch database that contained information about some 300,000 Honda employees worldwide, including the CEO.
In addition to personally identifiable information, the database instance included details about the machines on the network, such as the operating system version, host names, and patch status.
According to Paine's research, a table called "uncontrolled machines" listed the systems on the internal network that did not have security software installed.
"If an attacker is looking for a way to the Honda network knowing which machines are much less likely to identify / block their attacks, that would be critical information. These "uncontrolled machines" could easily be the open door to the entire network," said Paine.
On December 11 of last year, security researcher Bob Diachenko discovered another open ElasticSearch database belonging to Honda. The records were not protected on the public Internet and included data on customers in North America.
The database was a data recording and monitoring server for telematic services. It included full names, email addresses, telephone numbers, postal address, make and model of the vehicle, as well as its identification number (VIN).
The company estimated that around 26,000 unique consumer-related records were exposed due to the misconfigured database.
After experiencing problems with its systems in Europe and Japan, automaker Honda is investigating a possible cyber attack.
Company sources told Sky News that suspicions point to “result of unauthorized attempts to violate their systems”.
“Honda can confirm that there is a problem with its IT network, which is currently under investigation to understand the cause,” the Japanese giant admitted in a statement.
“At the moment, there is no effect on Japanese production or distribution activities, as well as no impact for customers,” it added.
According to the text, “we can confirm some impact in Europe and we are currently investigating the exact nature.”
The British broadcaster recalled that the alleged cyber attack comes three years after Honda suspended production at one of its plants in Japan after discovering ransomware on its internal network.
For Sky News, the episode only highlights “the increasing vulnerability of multinationals amid the rise of teleworking due to the coronavirus pandemic.”
Honda is only the latest of the companies affected by cybersecurity problems since the outbreak of COVID-19.
In mid-May 2020, it was revealed that the low-cost airline EasyJet had suffered the theft of information from nine million customers, including the credit card details of a couple of thousand.
“Since we learned about the incident, it has become clear that due to COVID-19 there is intense concern about the use of personal data for online scams,” said company CEO Johan Lundgren on that occasion.
CNN reported that the company has its 334 planes on the ground and only operates emergency flights. However, travel reservations are still open.
The post "Honda investigates suspected cyberattack in Europe and Japan" appeared first on Digital Trends Spanish.