Global operations at the Japanese car manufacturer Honda have been disrupted by a confirmed cyber attack. In a tweet posted June 8, the Honda Automobile Customer Service Twitter account said that both customer service and financial services networks were “experiencing technical difficulties and are unavailable.”
The same day, a security researcher going by the Twitter name of ‘”milkream” posted images relating to a ransomware sample that was actively checking for internal Honda network domains. If the domains concerned do not resolve when the ransomware is executed, it exists without encrypting anything.
That ransomware is known as SNAKE. Bleeping Computer managed to contact the operator of the ransomware who neither denied nor admitted being behind the Honda cyber attack. the SNAKE operators said that it would “not share details about the attack in order to allow the target some deniability.”
What is known is that Honda temporarily shut some of its production facilities, as well as both the customer service and financial services operations. In a statement given to the BBC, the car manufacturer said: “Honda can confirm that a cyber-attack has taken place on the Honda network.”
Speaking to The Verge, Honda said that there was “no current evidence of loss of personally identifiable information.” This would seem to tie in with the attack being a SNAKE one as, unlike other ransomware operators, it doesn’t appear to exfiltrate data which can then be used as leverage for ransom payments.
“SNAKE Ransomware was identified around the end of 2019 and while the ransomware itself wasn’t very sophisticated,” Josh Smith, a security analyst at Nuspire, said, “what made it interesting was that it had additional functionality programmed into it to forcibly stop processes, especially items involving Industrial Control Systems (ICS) operations.”
“It’s possible that this attack was connected to teleworking,” Oz Alashe, CEO of CybSafe, said. “The coronavirus pandemic has created a sizable remote workforce which has increased businesses’ attack surfaces and heightened existing vulnerabilities,” Alashe concluded.
“Honda has experienced a cyberattack that has affected production operations at some U.S. plants. However, there is no current evidence of loss of personally identifiable information,” a Honda spokesperson told me in an emailed stgatement. “We have resumed production in most plants and are currently working toward the return to production of our auto and engine plants in Ohio.”