When a massive cybersecurity threat event like WannaCry ransomware occurs that captures public attention, there is always a larger response from security professionals to stop the bleeding. As such, the fixes come in with exigency in order to protect the global population from the threat. Once there are fixes in place, however, there is an unfortunate tendency for everyday people to think that the threat has been dealt with permanently. I imagine by now that many believe that the WannaCry ransomware threat is a thing of the past, but as a recent breach at Honda proves, this is far from the truth.
In a report from Reuters, it was detailed how Honda came under attack from the infamous ransomware recently. The Honda Sayama plant, which produces vehicles such as the Accord and Odyssey, was forced to shut down after the WannaCry ransomware began spreading in its internal systems in Japan, North America, Europe, and China. After a four-day period, the plant resumed production following a thorough scrubbing of the ransomware from its systems.
According to Threatpost, it is not clear how Honda went about clearing WannaCry from its network, whether their security division handled it, or they required external assistance. The only statement given about the attack from official Honda sources to media was regarding the production loss in terms of units.
The statement reads:
"A total of approximately 1,000 units were not produced as planned as a result of this interruption. Production has resumed and Honda has taken steps to reinforce its virus protection regimen to avoid any similar occurrences in the future."
The thing is that Honda taking steps to "reinforce its virus protection regimen" is only going to work on the current strain of WannaCry that they faced. Malicious code that accompanies malware is always being improved upon by black hats to cause more damage and penetrate even the most secure of systems. It would be helpful to the InfoSec community if Honda released a threat report about what exactly they faced when WannaCry infected their systems, and how they believe the ransomware entered in the first place.
The moral of the story is that just because the media has stopped reporting on a massive cybersecurity threat, it doesn't mean you are in the clear. Honda learned this the hard way.
Photo credit: Flickr / Mike Mozart