Honda’s Global Operations Disrupted by Ransomware Attack
By Jarren Buendia on July 9, 2020
Executive Summary:
According to multiple sources, Honda reported in early June that their global network was hit by an Ekans ransomware attack. While Honda also reported that no sensitive data was breached, this incident has caused multiple plant shutdowns across the world. So as Honda becomes one of the latest victims of cyberattacks, this situation is a clear-cut instance of how isolated actions can have global ramifications.
Open Source Intelligence (OSINT) Details:
According to the BBC, the cyberattack on Honda’s network was, “affecting its ability to access its computer servers, use email and otherwise make use of its internal system” (Tidy, 2020). The company continued, stating that, “there is also an impact on production systems outside of Japan” (Tidy, 2020). However, the company has made it a point to say “no data has been breached,” and, “work is being done to minimize impact” (Tidy, 2020).
According to a similar article by Reuters, this cyber attack is the second on Honda’s global network. The first was the WannaCry infection in 2017 (Tajitsu, 2020). Morgan Wright, chief security advisor for Sentinel One, stated that the Ekans ransomware that affected Honda, “[…] is designed to attack industrial control systems” (Tidy, 2020). Due to the nature of ransomware, the article also states that the attackers could have encrypted data or locked employees out of select IT systems. This would also explain, at least in part, why Honda had halted operations in North America, UK, Turkey, Italy, as well as Japan (Tidy, 2020).
Potential Impacts:
As Honda is a global manufacturer, they have plants in multiple countries and operate interconnectedly. Thusly, while Honda has stated no data has been breached, but are also withholding details about the incident, the fact of the matter is their global operations were disrupted by a single attack. This operation shutdown comes only a month after Honda reopened their North American plants due to COVID-19 shelter-in-place orders.
Significance:
While global commercialism is an integral part of modern life and economics, it is disconcerting that an entire global operation can be shut down so quickly. There may be other factors in regards to operation disruptions, but based on the articles, it appears that the ransomware is the most significant reason. In addition, due to COVID-19, attacks of this caliber have been on the rise and will continue to be. According to Beazley Insurance, there has been a 25% increase in ransomware attacks against their clients (Tidy, 2020). This increase is less about egregiously attacking organizations in order to steal information related to COVID-19 (like with many attacks against the healthcare industry), but more so that social engineering is more viable than ever. Without more information about how the attack happened, or about how it affected Honda’s network, it is difficult to analyze the incident in depth. However, the significance here is with the sharp increase in cyberattacks due to current events, halting an entire operation with a single attack could be a worrying precursor for future attacks.
Sources:
“Honda’s global operations hit by cyber-attack.” 09 June 2020. Retrieved From: bbc.com. Retrieved: 25 June 2020.
“Honda resumes production at plants hit by suspected cyber attack.” 11 June 2020. Retrieved From: reuters.com. Retrieved: 25 June 2020.
-
Denmark Faces Largest Cybersecurity Incident to Date
Denmark Faces Largest Cybersecurity Incident to Date
12/8/2023 -
Defense Contractor, Japan Aviation Electronics, Falls Victim to a Cyber Attack
Defense Contractor, Japan Aviation Electronics, Falls Victim to a Cyber Attack
12/8/2023 -
North Korea Infiltrates Remote US Jobs to Fund Weapons
North Korea Infiltrates Remote US Jobs to Fund Weapons
11/2/2023