Cyber attack at Honda worldwide. Industrial systems are targeted.

What happened?

On June 08, 2020, Honda was the victim of a cyber attack in Japan. Presumably, an email with a malicious attachment is at the root. The malicious attachment allowed the ransomware EKANS (the inverse of ‘snake’) to enter the network.

Honda production line

What is special about EKANS? This focuses on Industrial Control Systems (ICS). In other words, it will specifically affect processes within an Operational Technology (OT) environment and encrypt files. That has a direct impact on production.

The Open Threat Exchange (https://otx.alienvault.com/pulse/5edfa067a3c35f06ff50b459) shows that this EKANS ransomware is a variant of Megacortex, a form of ‘targeted ransomware’.

The main way this EKANS ransomware is used is via email with attachment.

What can you do?

If you have an industrial environment where there are computer-controlled Industrial Control Systems, then you should pay attention to the following things to keep the risk as low as possible that this also happens to you.

Spinae is specialized in this matter and can assist you in this.

  • Keep your IT and your OT separate.
    • You can read e-mail on endpoints in the IT network
    • With strict separation, the endpoint in the IT network that received the email with malicious attachment cannot join the OT network
    • Ask advice from specialists
  • Make sure your employees are properly trained on how to safely handle email with attachments.
    • User Awareness Training is a must
    • Don’t do it once, but at regular intervals
    • Ask specialists for advice
  • Make sure you have an up-to-date inventory of all devices and software in your Industrial Control System network
    • This is how you map out where possible security holes are
    • You can’t protect what you don’t know
  • Take inspiration from IEC 62443 how to secure industrial networks
    • Ask specialists for advice

Extra information

  • https://www.forbes.com/sites/daveywinder/2020/06/10/honda-hacked-japanese-car-giant-confirms-cyber-attack-on-global-operations-snake-ransomware/
  • https://www.bbc.com/news/technology-52982427
  • https://www.ft.com/content/da60f3da-9669-4d50-ac33-144adac28f4b
  • https://www.zdnet.com/article/honda-confirms-its-network-has-been-hit-by-cyber-attack/

Ask specialists for advice

Spinae is ready to advise and support you. Do you have questions or concerns about ICS or OT security? Contact our experts, they will be happy to assist you.