fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Honda hit by ransomware attack, some production disrupted

Honda Motor Co suspended some of its auto and motorcycle production globally as the Japanese car giant grappled with a suspected cyber attack, a spokesman said on Tuesday.

FILE PHOTO: The Honda logo is displayed at the 89th Geneva International Motor Show in Geneva, Switzerland March 5, 2019. REUTERS/Pierre Albouy/File photo

TOKYO: Honda Motor Co suspended some of its auto and motorcycle production globally as the Japanese car giant grappled with a suspected cyber attack, a spokesman said on Tuesday.

The suspected attack affected Honda’s production globally on Monday, forcing some plants to stop operations as the company needed to ensure that its quality control systems were not compromised.

Honda suspects the ransomware hit the company’s internal servers, the spokesman said.

Production resumed at most of the plants by Tuesday, but its main plant in Ohio, as well as those in Turkey, India and Brazil remain suspended as the ransomware disputed the company’s production systems, he said.

(Reporting by Maki Shiraki; Writing by Makiko Yamazaki; Editing Louise Heavens)

Computer networks in Europe and Japan from car manufacturer giant Honda have been affected by issues that are reportedly related to a SNAKE Ransomware cyber-attack.

Details are unclear at the moment but the company is currently investigating the cause of the problems that were detected on Monday.

Trouble confirmed, likely SNAKE ransomware

The company has confirmed to BleepingComputer that its IT network is not functioning properly but declined to provide more information regarding the nature of the issue as an investigation is ongoing.

“Honda can confirm that there is an issue with its IT network. This is currently under investigation, to understand the cause,“ a company representative told us.

From what is known at this point, the issues have not influenced the Japanese production or dealer activities. Furthermore, the company spokesperson said that there is no impact on Honda customers.

“In Europe, we are investigating to understand the nature of any impact” – Honda

While the Japanese car manufacturer is tight-lipped about these events, a security researcher named Milkream has found a sample of the SNAKE (EKANS) ransomware submitted to VirusTotal today that checks for the internal Honda network name of “mds.honda.com.”

When BleepingComputer tried to analyze the sample, the ransomware would start and immediately exit without encrypting any files.

The researcher states that this is because the ransomware tries to resolve the “mds.honda.com” domain, and failing to do so, will terminate the ransomware without encrypting any files.

Security researcher Vitali Kremez has also told BleepingComputer that in addition to the mds.honda.com check, it also contains a reference to the U.S. IP address 170.108.71.15. 

This IP address resolves to the ‘unspec170108.amerhonda.com’ hostname.

The reference to this IP address and the internal hostname check are very strong indicators that today’s network outages are being caused by a SNAKE ransomware attack.

Snake Ransom note dropped by sample found today
credit: milkream

It is unclear how many systems are affected but Snake is known to steal data before deploying the encryption routine. In a statement to BleepingComputer on Tuesday, Honda says that they can “confirm that there is no information breach at this point in time.”

“Work is being undertaken to minimise the impact and to restore full functionality of production, sales and development activities. At this point, we see minimal business impact” – Honda representative

BleepingComputer reached out to the SNAKE ransomware operators, and while they did not admit to the attack, they did not deny it either.

“At this time we will not share details about the attack in order to allow the target some deniability. This will change as time passes,” the SNAKE operators told BleepingComputer.

Open database leaks sensitive info

If this proves to be an intrusion from an unauthorized party, it would be a significantly different security incident than what the company had to deal with last year when misconfigured databases exposed sensitive information on the public internet.

At the end of July 2019, security researcher Justin Paine found an unsecured ElasticSearch database containing information on about 300,000 Honda employees across the world, including the CEO.

Apart from personally identifiable information, the database instance included details about machines on the network, like the version of the operating system, hostnames, and patch status.

According to Paine’s research, a table called “uncontrolledmachines” listed systems on the internal network that did not have security software installed.

“If an attacker is looking for a way into Honda’s network knowing which machines are far less likely to identify/block their attacks would be critical information. These “uncontrolled machines” could very easily be the open door into the entire network,” Paine said

Another open ElasticSearch database belonging to Honda was discovered on December 11 last year by security researcher Bob Diachenko. The records were unprotected on the public internet and included data about customers in North America.

The database was from a data logging and monitoring server for telematics services. It included full names, email addresses, phone numbers, postal addresses, vehicle make and model, as well as its identification number (VIN).

The company estimated that about 26,000 unique consumer-related records were exposed due to the misconfigured database.

Update 6/8/20: Added information about a Honda IP address in the ransomware executable and a statement from the SNAKE ransomware operators.

Update 6/9/20: Added details from a second statement from Honda about the risk of information breach and the impact on business.

This is a developing story

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us