Honda Factory Hit With WannaCry Ransomware Attack

News  broke yesterday morning that Honda has halted production at its Japanese plant following discovering WannaCry ransomware in its systems.

Commenting on this, Mike Ahmadi, global director of critical systems security at Synopsys, said: "A plant shutdown can cost millions of dollars per day in lost production and, in any event, is likely to far exceed the cost of the ransom. Attackers are likely to apply risk management techniques to their attacks going forward that will serve to help them get the most return for each attack.

"I am not saying this is what happened here, but once attacks become financially motivated, this becomes more likely. Organisations need to start calculating such attacks as very high likelihood, and prepare accordingly."

Mark James, security specialist at ESET, said: "As with most malware, even after the initial impact of a public or global strike, it’s still working its way around the internet looking for victims. In this case when malware uses exploits in common or older versions of Windows, many large manufacturers that use bespoke or embedded systems with software that may not be easily or quickly replaced could be teetering on the edge of disaster frantically trying to protect themselves.

"It only takes one slip, one email or one web page, from all the hundreds or thousands of employees connected to a network of computers that often has to connect worldwide to enable a smooth global operation.

"Of course, keeping your systems up to date with the latest updates and patches, and ensuring you have a good regular updating internet security product will help to keep you safe, but educating your staff on the dangers of using the very tools we need them to use for their daily workloads is just as important."

Andrew Clarke, UK director at One Identity, added: "Even global, corporate brands are seen to be impacted by WannaCry as illustrated by the news that Honda halted production.

"It takes just one vulnerable system to leave the door open.  Having been hit in other plants during May, Honda took steps to protect themselves at the time; but as most of us are now aware it is a continuing battle against emerging threats.

"Microsoft, for example, on their regular patch Tuesday update in June patched 96 security vulnerabilities and continued to resolve issues in Windows XP.  It is important in industrial plants, where there are often embedded computer systems, that patches are applied promptly and across all systems.  

"Often, due to the complexity of change, it takes some weeks or months to bring all systems up to date.  And of course it is not just Microsoft that needs patching, all manner of systems need to be assessed and updated.  

"Some communication protocols have proven to be very insecure, such as the file sharing server message block SMBV1 which was exploited by the WannaCry ransomware and in fact is being disabled totally from windows 10 later this year.  Elsewhere it is recommended that the SMBV1 protocol be disabled if it is not used operationally.

"This latest incident reminds us that our efforts to defend our organisations against emerging threats is continuous. Regular review of all systems and their communication protocols is necessary and, more importantly, a thorough analysis of access controls. Ask who has access; what can they access and why do they access? Often, in organisations individuals are provisioned to access systems for short periods and are never deprovisoned, which means over time they get excessive access that can be damaging to the business if misused.  

"Tools to control and manage overall access are critical. Malware such as WannaCry takes advantage of gaps in security so to be truly safe requires a continuous and thorough approach which embraces the multiple aspects of cyber security."

Also Read

Stay in the know with our newsletter