Honda plant hit by WannaCry ransomware attack

 

Reports are surfacing that Honda halted production at one of its vehicle plants for a day this week after finding the WannaCry ransomware that struck globally last month in its computer network. The automaker shut production on Monday at its plant in Japan.

http://brn.firetrench.com

 

Please see below for comments from ESET and One Identity.

Mark James, security specialist at ESET:

“As with most malware, even after the initial impact of a public or global strike, it’s still working its way around the internet looking for victims. In this case when malware uses exploits in common or older versions of Windows, many large manufacturers that use bespoke or embedded systems with software that may not be easily or quickly replaced could be teetering on the edge of disaster frantically trying to protect themselves. It only takes one slip, one email or one web page, from all the hundreds or thousands of employees connected to a network of computers that often has to connect worldwide to enable a smooth global operation.

Of course keeping your systems up to date with the latest updates and patches, and ensuring you have a good regular updating internet security product will help to keep you safe, but educating your staff on the dangers of using the very tools we need them to use for their daily workloads is just as important.”

Andrew Clarke UK director at One Identity:

“Even global, corporate brands are seen to be impacted by WannaCry as illustrated by the news that Honda halted production.

It takes just one vulnerable system to leave the door open.  Having been hit in other plants during May, Honda took steps to protect themselves at the time; but as most of us are now aware it is a continuing battle against emerging threats.  Microsoft, for example, on their regular patch Tuesday update in June patched 96 security vulnerabilities and continued to resolve issues in Windows XP.  It is important in industrial plants, where there are often embedded computer systems, that patches are applied promptly and across all systems.   Often due to the complexity of change, it takes some weeks or months to bring all systems up to date.  And of course it is not just Microsoft that needs patching, all manner of systems need to be assessed and updated.  

Some communication protocols have proven to be very insecure, such as the file sharing server message block SMBV1 which was exploited by the WannaCry ransomware and in fact is being disabled totally from windows 10 later this year.  Elsewhere it is recommended that the SMBV1 protocol be disabled if it is not used operationally.

This latest incident reminds us that our efforts to defend our organisations against emerging threats is continuous.  Regular review of all systems and their communication protocols is necessary and, more importantly, a thorough analysis of access controls.  Ask who has access; what can they access and why do they access?  Often in organisations individuals are provisioned to access systems for short periods and are never deprovisoned, which means over time they get excessive access that can be damaging to the business if misused.   Tools to control and manage overall access are critical.  Malware such as WannaCry takes advantage of gaps in security so to be truly safe requires a continuous and thorough approach which embraces the multiple aspects of cyber security.”

Ford Chip Ganassi Racing Grabs Second Place in GTE Pro at Le Mans 24 Hours

-#67 Ford GT takes second in GTE Pro at the Le Mans 24 Hours in thrilling finish

-Marks second year in a row that Ford Chip Ganassi Racing has made the podium at the legendary event

-The podium earned the #67 team double points toward the 2017 FIA World Endurance Championship title

LE MANS, France, June 18, 2017 – The #67 Ford Chip Ganassi Racing Ford GT of Andy Priaulx (GB), Harry Tincknell (GB), and Pipo Derani (BRA) grabbed the runner-up spot of the 2017 Le Mans 24 Hours at the final corner of the final lap.  Last minute struggles for the second-placed Corvette gave Tincknell the opportunity to pounce at the Ford Chicane and take the place just as the chequered flag fell.

http://brn.firetrench.com

Continue reading

Concerns in the UK Over National, Financial, Internet and Personal Security Have Increased Significantly, According to the 2017 Unisys Security Index

 

LONDON, June 20, 2017 /PRNewswire/ —

Leading security barometer the only recurring snapshot of security concerns conducted globally shows that war and terrorism rank as the highest security issues cited by the British public with 52 percent citing serious concerns

http://brn.firetrench.com

Continue reading

Huge leak of US citizen and voter data

 

A cyber security researcher discovered unsecured databases maintained by Deep Root Analytics, a marketing and big data firm linked to the US Republican Party, containing personal information of nearly 200 million voters – thought to be the largest known leak of US citizen data: http://www.ibtimes.co.uk/largest-known-leak-us-citizen-data-appears-online-198-million-voter-records-exposed-1626913?utm_campaign=/largest-known-leak-us-citizen-data-appears-online-198-million-voter-records-exposed-1626913

http://brn.firetrench.com

Continue reading

Nigerian scammers launch phishing attacks against industrial companies

 

News broke on Friday that Nigerian hackers have stolen sensitive commercial data from industrial firms around the world. In a blog post, Kaspersky Lab said that there were over 500 attacked companies in more than 50 countries. Most of these companies are industrial enterprises and large transportation and logistics corporations.

http://brn.firetrench.com

Continue reading