Honda Rebounds From Cyber Attack; So, What Happened?

by Matt Posky

Published: June 11th, 2020

honda rebounds from cyber attack so what happened

Struck by a cyber attack on its global computer network that temporarily knocked out a few factories and most of its customer service centers, Honda is reporting that things are gradually returning to normal.

“Work is being undertaken to minimize the impact and to restore full functionality of production, sales and development activities,” the company said in a statement earlier this week.

Impacted facilities are supposedly already in decent shape, and the business hopes to move past this in short order. But what actually happened?

According to the informed nerds at Tech Crunch, Honda was made subject to “Snake ransomware.” The file-encrypting malware basically jumbles all the data on a network (or access to it) so it cannot be used by its owner and can be rescinded after the criminals are paid off — usually with digital currencies. Honda said that it doesn’t believe any files were pulled but its network had been held for ransom by unsavory actors. It also admitted that it didn’t have all the answers just yet.

Factories, including the plant in Marysville, Ohio, are said to be resuming operations today or tomorrow. Customer service is still reporting issues, however. There are also lingering concerns from experts that the corporation could be vulnerable to subsequent attacks until a rigorous investigation has been completed.

From Tech Crunch:

Brett Callow, a threat analyst at security firm Emsisoft, said a sample of the file-encrypting malware was uploaded to VirusTotal, a malware analysis service, referencing an internal Honda subdomain, mds.honda.com.

“The ransomware will only encrypt files on systems capable of resolving this domain but, as the domain does not exist on the clear net, most systems would not be able to resolve it. mds.honda.com may well exist on the internal nameserver used by Honda’s intranet, so this is a fairly solid indicator that Honda was indeed hit by Snake,” said Callow.

Honda finds itself in similar company to IT giant Cognizant, cyber insurer Chubb, and defense contractor CPI, all of which were hit by ransomware this year.

Honda was hit with ransomware before, in 2017 — along with Renault, Nissan, Dacia and a bunch of other companies we don’t care about because they don’t build cars. It’s no stranger to digital shenanigans. But the aforementioned WannaCry attacks haven’t made it invulnerable to similar intrusions. Likewise, a lot of the more recent cyber attacks are presumed to have state backing due to their increasing levels of complexity. We don’t envy corporations having to contend with these attacks, least of all now that they seem to be coded by professionals.

Honda hasn’t mentioned what was lost in the attack, or even if it caved to the demands. For what it’s worth, it did say that there was “no current evidence of loss of personally identifiable information” and that most facilities are already operational. Let’s hope it stays that way.

[Image: Anastasiia Moiseieva/Shutterstock]

#CrimeAndPunishment #CyberAttacks #CyberCrime #Honda #HondaMotorCo #Ransomware

Matt Posky

A staunch consumer advocate tracking industry trends and regulation. Before joining TTAC, Matt spent a decade working for marketing and research firms based in NYC. Clients included several of the world’s largest automakers, global tire brands, and aftermarket part suppliers. Dissatisfied with the corporate world and resentful of having to wear suits everyday, he pivoted to writing about cars. Since then, that man has become an ardent supporter of the right-to-repair movement, been interviewed on the auto industry by national radio broadcasts, driven more rental cars than anyone ever should, participated in amateur rallying events, and received the requisite minimum training as sanctioned by the SCCA. Handy with a wrench, Matt grew up surrounded by Detroit auto workers and managed to get a pizza delivery job before he was legally eligible. He later found himself driving box trucks through Manhattan, guaranteeing future sympathy for actual truckers. He continues to conduct research pertaining to the automotive sector as an independent contractor and has since moved back to his native Michigan, closer to where the cars are born. A contrarian, Matt claims to prefer understeer — stating that front and all-wheel drive vehicles cater best to his driving style.

More by Matt Posky

Comments

Join the conversation

13 comments

Sgeffe on Jun 11, 2020

Good to know they’re getting back to normal. (Well, whatever “normal” is in the COVID-19 era!) Even as a Systems Analyst, I’d need help if I fell for one of these! More to the point here, I couldn’t correct the problem of my own Accord! ;-)

Like Reply
- See 4 previous
- Whisperquiet on Jun 11, 2020
  
  That would be your Civic duty.
  
  Like
- Sgeffe on Jun 11, 2020
  
  @whisperquiet Indeed! A most Insightful comment!
  
  Like
- Tele Vision on Jun 11, 2020
  
  For Clarity this could just be the Prelude to further attacks.
  
  Like
- Thornmark on Jun 12, 2020
  
  normal just wondering, NormSV650, could he have a talent we are unaware of? naw
  
  Like
- Karonetwentyc on Jun 12, 2020
  
  @Tele Vision This one hit with some serious Vigor. While not exactly Legendary, it'll be difficult to Beat.
  
  Like
Brn on Jun 11, 2020

I find it interesting that we don't work harder to locate and punish those responsible for stuff like this. Their crimes are large, destructive, and intentional.

Like Reply
- See 5 previous
- Sgeffe on Jun 11, 2020
  
  The issue is probably that these characters are as slippery as the numbskulls bombarding people with robocalls! By the time anybody could get a handle on them, they’re gone! Since I’ve been working from home since March, I cannot believe how many calls I’ve gotten for warranty offers on the 2013 Accord currently in my avatar — even though I literally traded that car in a year ago already! (Speaking of avatars, how on God’s green Earth can I change that avatar to the Gravatar I created? Supposedly that’s compatible with this site, but the old one’s still there, even though several other sites use it seamlessly!)
  
  Like
- Karonetwentyc on Jun 12, 2020
  
  Something to keep in mind: in a lot of cases, attribution can be established regarding the actors involved in the attack. However, if those same actors are part of a nation-state organisation or are located in a territory that will deny (read: ignore and roundfile) warrants, extradition requests, etc., then there's no point in pursuing it past that point. Attacks of this type and on this scale are typically organised, planned, and executed by groups with structure and access to financial and material resources. It's almost never little Billy down the street getting bored again and ending up with the FBI raiding his house the next morning.
  
  Like
- Brn on Jun 12, 2020
  
  @karonetwentyc I agree with Karon. These aren't just some thugs. Their well organized and often foreign. Sometimes even foreign governments. If we can't "get" them, maybe we can expose them? Then again, that might expose us. :)
  
  Like
- Karonetwentyc on Jun 12, 2020
  
  @brn Oh, exposure has already happened both ways. Take a look at the following: https://www.fireeye.com/current-threats/apt-groups.html (check the links under 'Suspected Attribution') https://en.wikipedia.org/wiki/Stuxnet Electronic warfare: cheap to wage 24/7/365, and with potentially significant gains. It's why all the cool kids are doing it!
  
  Like
- Stuki on Jun 13, 2020
  
  It's more efficient to make yourself a harder target. Finding "who" is behind a virus, when the whole world in networked by now, is harder than finding a needle in a haystack. And even if you think you have a fairly good ideas, you can't really be sure. Which, at least for now, limits what most are willing to do in "revenge." If things get out of hand, expect organizations to simplify the systems in use by most employees. Sort of a Re-Greenscreening (just perhaps not quite as severe.) An awful lot of the attack surface organizations present, exist on account of end user systems way more complex than what is strictly needed for the functions most of their employees need to perform.
  
  Like
- Lorenzo on Jun 13, 2020
  
  @sgeffe That's just normal commerce - asking about your avatar. They scan the net for any kind of hook to get you to buy something. I just searched for the history of John Bell Hood, the Confederate general Fort Hood was named after, and I got a pop-up offering more info about him, from a publishing company! That's not a sinister cyber-attack, it's just online business, with an assist from Google, suctioning any data from users they can sell.
  
  Like

Recent Comments

Jeff Self driving cars are not ready for prime time.
Lichtronamo Watch as the non-us based automakers shift more production to Mexico in the future.
28-Cars-Later " Electrek recently dug around in Tesla’s online parts catalog and found that the windshield costs a whopping $1,900 to replace.To be fair, that’s around what a Mercedes S-Class or Rivian windshield costs, but the Tesla’s glass is unique because of its shape. It’s also worth noting that most insurance plans have glass replacement options that can make the repair a low- or zero-cost issue. "Now I understand why my insurance is so high despite no claims for years and about 7,500 annual miles between three cars.
AMcA My theory is that that when the Big 3 gave away the store to the UAW in the last contract, there was a side deal in which the UAW promised to go after the non-organized transplant plants. Even the UAW understands that if the wage differential gets too high it's gonna kill the golden goose.
MKizzy Why else does range matter? Because in the EV advocate's dream scenario of a post-ICE future, the average multi-car household will find itself with more EVs in their garages and driveways than places to plug them in or the capacity to charge then all at once without significant electrical upgrades. Unless each vehicle has enough range to allow for multiple days without plugging in, fighting over charging access in multi-EV households will be right up there with finances for causes of domestic strife.