Experts Comment on Honda Production Ransomware Attack

Paul Bischoff

Paul Bischoff is a privacy advocate with Comparitech.

“Based on the limited information Honda has released about the attack, this looks like the result of ransomware. Given that many operations are shut down, but no data was stolen, ransomware is the most obvious culprit. Attackers might have tricked a Honda employee into clicking a link that downloaded a ransomware-infected file, for example. If Honda has proper backup systems in place, it should be able to mitigate the effect of the attack and resume operations with minimal downtime. Honda is a huge company, though, so any downtime incurs large losses even if the company chooses not to pay the ransom.”

Chris Clements

Chris Clements is VP of Solution Architecture at Cerberus Sentinel.

“A well-known information security best practice is isolating any internet-accessible servers into a DMZ network that has extremely limited access to any other networks in an organization to prevent widespread damage in the event a single system is compromised. Honda’s statement that an internal server was externally attacked could mean that they did not take this step to prevent an attacker from propagating to other areas of the organization. Unfortunately, many applications that organizations rely on are often not architected to support this level of segmentation, so it’s possible that Honda had few other options in exposing their internal network to the internet. This attack appears to be a ransomware attack associated with the SNAKE cybercrime group as samples of malware that check for an internal system name and public IP addresses related to Honda have surfaced publicly on the internet. The malware exits immediately if associations with Honda are not detected. This strongly implies that this was a targeted attack rather than a case of cyber criminals spraying out ransomware indiscriminately. More concerning is that the SNAKE ransomware team has historically attempted to exfiltrate sensitive information before encrypting their victim’s computers. This combined with the targeted nature of the malware’s “pre-checks” indicates that the attackers likely had access to Honda’s internal systems for some time before launching the ransomware’s encryption functions. Without confirmation from the SNAKE group or Honda, it is impossible to say how long the attackers were present or what sensitive data they may have been able to steal.”