Wednesday, June 10, 2020

Corona Daily 424: Honda Hit by a Virus


On Monday, 8 June, Honda admitted their control systems had been attacked. The company was unable to access its own servers or use emails. Production and shipments, already hit hard by the lockdown, stopped. Honda employees worldwide were asked to go home.

Honda, the Japanese company, is the world’s leading motorcycle maker for the past sixty years. Always in the top ten carmakers’ list, its turnover is $150 billion. It is an excellent target for cyber crime.
*****

Experts believe Honda has been attacked by the Ekans ransomware. (Read Ekans backward to understand its toxicity). First observed in December 2019, it encrypts data and leaves a ransom note. Industrial control systems usually shut down as a result of the attack.

Imagine on returning home, you find someone has locked it. You can’t get inside. A note left at the doorstep asks you to pay money in order to get the key to re-enter your house.

To put pressure on the victim, the cyber criminals can auction some of the stolen data online. In such auctions confidential cash flow analyses, company’s future plans, distributor lists, vendor agreements and images of employees’ driving licenses have been sold. If our bank or our government’s tax department were to be hacked, we may find our most intimate financial details sold to criminal gangs.
*****

Is this related to the pandemic? It probably is.

Work From Home (WFH) is an absolute nightmare for IT managers. Any individual employee can be lured to download a link he shouldn’t. Since the beginning of the pandemic, thousands of Covid-links, ‘helping the poor’ sites and dashboards have been used by cyber criminals. Johns Hopkins University had to issue a public statement on malware disguised as a Covid-19 map. Unfortunately a few thousand non-suspecting people had already downloaded the impostor map.

Several poly-criminal, multinational gangs now give priority to cyber-crime. When wildlife trafficking stopped in March and April, some organized crime groups switched over to cyber-crime.

Because they operate in cyberspace, it is difficult to catch the operators. Like Al-Qaeda in the real world, these operators are often known by the ransomware they promote. DoppelPaymer and Maze are large organizations that deploy and facilitate the payment of ransomware. They are happy to take payment in virtual currencies like bitcoin, making it even more difficult to trace them. On 18 March, in a press release, Maze promised to stop attacking health organizations (but not pharma companies, because they are for profit). Most cyber criminals have said if they accidentally target hospitals, nursing homes, or health agencies, the victim should contact them (contact details are given anyway to enable ransom payment).  They will decrypt for free.
*****

Times are such that we need to protect both ourselves and our gadgets from viruses. Your devices must have strong anti-malware protection. It is best to avoid downloading anything non-essential. You may think of it as internet social distancing if you like. If you are working from home, your employer’s safety is in your hands.

However, if you own a Honda vehicle, your contact details may already be in the hands of a cyber-gang.

Ravi

2 comments: