Japanese automaker Honda’s global operations have been disrupted by a confirmed cyberattack. In a tweet published on June 8, Honda’s automotive customer service Twitter account said the customer service and financial services networks “are experiencing technical difficulties and are not available.”
On the same day, a security researcher by the Twitter name of “milkream” posted images of a ransomware sample that actively checked Honda’s internal network domains. If the affected domains do not resolve when running the ransomware, it exists without encrypting anything.
This ransomware is known as SNAKE. Beeping computer managed to contact the ransomware operator who neither denied nor admitted to being behind Honda’s cyberattack. SNAKE operators said they “would not share details of the attack in order to allow the target some denial.”
What is known is that Honda has temporarily shut down some of its production facilities, as well as customer service and financial services operations. In a statement given to the bbc, the automaker said: “Honda can confirm that a cyber attack has taken place on the Honda network.”
Talk to The edge, Honda said there was “no current evidence of loss of personally identifiable information.” This seems to be related to the fact that the attack is a SNAKE attack because, unlike other ransomware operators, it does not appear to exfiltrate data which can then be used as leverage for ransom payments.
“SNAKE Ransomware was first identified towards the end of 2019 and while the ransomware itself was not very sophisticated,” said Josh Smith, security analyst at Nuspire, “what made it interesting is that it had additional features programmed to force shutdown processes, particularly items involving Industrial Control Systems (ICS) operations.
“It is possible that this attack is related to telecommuting,” said Oz Alashe, CEO of CybSafe. “The coronavirus pandemic has created a large remote workforce that has increased attack surfaces for businesses and increased existing vulnerabilities,” Alashe concluded.
“Honda suffered a cyberattack which affected production operations at some US factories. However, there is currently no evidence of loss of personally identifiable information,” a Honda spokesperson told me in a letter. electronic. “We have resumed production at most of the plants and are currently working to return to production at our auto and engine plants in Ohio.”
– Updated June 10 with a statement from Honda