Computer networks in Europe and Japan belonging to car manufacturing giant Honda have been affected by issues that are reportedly related to a SNAKE ransomware cyber-attack.
Details are unclear at the moment but the company is currently investigating the cause of the problems that were detected on Monday.
The company has confirmed that its IT network is not functioning properly but declined to provide more information regarding the nature of the issue, as an investigation is ongoing.
“In Europe, we are investigating to understand the nature of any impact” – Honda
The researcher states that this is because the ransomware tries to resolve the “mds.honda.com” domain and, if it fails to do so, terminates without encrypting any files.
Security researchers also said that, in addition to the mds.honda.com check, the ransomware contains a reference to the U.S. IP address 126.96.36.199.
This IP address resolves to the ‘unspec170108.amerhonda.com’ hostname.
The reference to this IP address and the internal hostname check are very strong indicators that today’s network outages are being caused by a SNAKE ransomware attack.
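A hard-coded internal hostname like the one described above is something a defender can check for when triaging a suspicious binary: embedded strings that name the organization's own domains or address space point to a build prepared for that environment. The sketch below is an added example, not the researchers' tooling or anything from the original article; the sample bytes, the `org_references` helper, the suffix list and the 192.0.2.0/24 range are constructed assumptions.

```python
import ipaddress
import re

# Printable runs stored as ASCII or as UTF-16LE (common in Windows binaries).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
HOSTNAME = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b", re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def extract_strings(blob):
    """Yield printable strings found in raw bytes, in both encodings."""
    for m in ASCII_RUN.finditer(blob):
        yield m.group().decode("ascii")
    for m in WIDE_RUN.finditer(blob):
        yield m.group().decode("utf-16le")

def org_references(blob, org_suffixes, org_networks=()):
    """Return embedded hostnames/IPs that belong to the organization."""
    suffixes = [s.lower().lstrip(".") for s in org_suffixes]
    nets = [ipaddress.ip_network(n) for n in org_networks]
    hosts, ips = set(), set()
    for text in extract_strings(blob):
        for host in HOSTNAME.findall(text):
            h = host.lower()
            # Match on a label boundary so "nothonda.com" is not a hit.
            if any(h == s or h.endswith("." + s) for s in suffixes):
                hosts.add(h)
        for ip in IPV4.findall(text):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:  # e.g. octet > 255: not a real address
                continue
            if any(addr in n for n in nets):
                ips.add(ip)
    return {"hostnames": sorted(hosts), "ips": sorted(ips)}

# Constructed sample bytes (not taken from any real binary). The two Honda
# hostnames are the ones named in the article; everything else is made up.
SEP = b"\x01\x02"
SAMPLE = SEP.join([
    b"MZ\x90",
    b"lookup mds.honda.com",
    "unspec170108.amerhonda.com".encode("utf-16le"),
    b"update.nothonda.com",
    b"connect 192.0.2.10:445",
    b"www.example.org",
])

if __name__ == "__main__":
    print(org_references(SAMPLE, ["honda.com", "amerhonda.com"], ["192.0.2.0/24"]))
```

Any hit is a reason to escalate the sample and check DNS logs for which hosts queried the same internal names.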
It is unclear how many systems are affected but Snake is known to steal data before deploying the encryption routine.
Open database leaks sensitive info
If this proves to be an intrusion from an unauthorized party, it would be a significantly different security incident than what the company had to deal with last year when misconfigured databases exposed sensitive information on the public internet.
At the end of July 2019, a security researcher found an unsecured ElasticSearch database containing information on about 300,000 Honda employees across the world, including the CEO.
Apart from personally identifiable information, the database instance included details about machines on the network, like the version of the operating system, hostnames, and patch status.
A table called “uncontrolledmachines” listed systems on the internal network that did not have security software installed.
“If an attacker is looking for a way into network knowing which machines are far less likely to identify/block their attacks would be critical information. These “uncontrolled machines” could very easily be the open door into the entire network,” Paine said.
Another open ElasticSearch database belonging to Honda was discovered last year by security researchers. The records were unprotected on the public internet and included data about customers in North America.
The database was from a data logging and monitoring server for telematics services. It included full names, email addresses, phone numbers, postal addresses, vehicle make and model, as well as the vehicle identification number (VIN).
This ransomware, a precursor to the MegaCortex family, encrypts files and leaves a ransom note. It also has the capability to stop running processes, and can stop up to 64 of them.