Reports are surfacing that Honda halted production at one of its vehicle plants for a day this week after finding WannaCry, the ransomware that struck globally last month, in its computer network. The automaker shut production on Monday at its plant in Japan.
Please see below for comments from ESET and One Identity.
Mark James, security specialist at ESET:
“As with most malware, even after the initial impact of a public or global strike, it’s still working its way around the internet looking for victims. In this case when malware uses exploits in common or older versions of Windows, many large manufacturers that use bespoke or embedded systems with software that may not be easily or quickly replaced could be teetering on the edge of disaster frantically trying to protect themselves. It only takes one slip, one email or one web page, from all the hundreds or thousands of employees connected to a network of computers that often has to connect worldwide to enable a smooth global operation.
Of course keeping your systems up to date with the latest updates and patches, and ensuring you have a good regular updating internet security product will help to keep you safe, but educating your staff on the dangers of using the very tools we need them to use for their daily workloads is just as important.”
Andrew Clarke, UK director at One Identity:
“Even global, corporate brands are seen to be impacted by WannaCry as illustrated by the news that Honda halted production.
It takes just one vulnerable system to leave the door open. Having been hit in other plants during May, Honda took steps to protect themselves at the time; but as most of us are now aware it is a continuing battle against emerging threats. Microsoft, for example, on their regular Patch Tuesday update in June patched 96 security vulnerabilities and continued to resolve issues in Windows XP. It is important in industrial plants, where there are often embedded computer systems, that patches are applied promptly and across all systems. Often due to the complexity of change, it takes some weeks or months to bring all systems up to date. And of course it is not just Microsoft that needs patching; all manner of systems need to be assessed and updated.
Some communication protocols have proven to be very insecure, such as the file sharing server message block SMBv1 which was exploited by the WannaCry ransomware and in fact is being disabled totally from Windows 10 later this year. Elsewhere it is recommended that the SMBv1 protocol be disabled if it is not used operationally.
This latest incident reminds us that our efforts to defend our organisations against emerging threats are continuous. Regular review of all systems and their communication protocols is necessary and, more importantly, a thorough analysis of access controls. Ask who has access; what can they access and why do they access? Often in organisations individuals are provisioned to access systems for short periods and are never deprovisioned, which means over time they get excessive access that can be damaging to the business if misused. Tools to control and manage overall access are critical. Malware such as WannaCry takes advantage of gaps in security so to be truly safe requires a continuous and thorough approach which embraces the multiple aspects of cyber security.”