Honda temporarily shut down operations due to a ransomware attack at its headquarters. According to a statement by the automaker, the cyber-attack impacted Honda’s ability to access its internal networks including servers, email, etc. "Work is being undertaken to minimize the impact and to restore full functionality of production, sales and development activities."
Like any IT breach, the attack has the potential to be quite costly, especially if the hacker was able to gain access to personally identifiable information. However, the real lesson for manufacturers comes in the fact that the breach extended beyond the IT network, putting connected operational technology at risk as well. While the attack did not impact production facilities in Japan, it did shutter most of Honda's plants globally.
Phil Neray, vice president of IoT and industrial cybersecurity with CyberX, tells IndustryWeek, "This is not your father's 'spray-and-pray' ransomware attack. The attack specifically targeted Honda, and it employs Snake ransomware which specifically kills critical industrial control system (ICS) processes, which are used to manage production operations."
Such an occurrence should shine a bright light on the importance of establishing stronger security practices as manufacturers continue to embrace heavily connected digital technologies.
Targeted attacks are understandably tough to defend against, because a determined adversary will eventually get into a network. However, Neray offers some strategies to minimize the risk:
- Minimize the number of digital pathways into the network, such as Remote Desktop Protocol (RDP) ports typically used for remote administration. RDP is especially useful nowadays because of employees working from home, but RDP access should be protected by VPN connections and strong credentials using multi-factor authentication, rather than being directly accessible from the internet.
- Implement network segmentation and zero-trust strategies that make it more difficult for attackers to move around the network after they've gained an initial foothold. In comparison, in an unsegmented or “flat” network, threat actors can move easily between network segments to compromise your most critical assets. Even basic network segmentation, such as separating IT networks from Operational Technology (OT) networks, significantly reduces the attack surface and prevents adversaries from easily navigating the intrusion kill chain.
- Deploy OT-aware behavioral anomaly detection (BAD) technologies to immediately detect unauthorized or anomalous activity – this makes it possible to quickly spot attackers and kick them out before they shut down the plant, cause a safety incident, or steal sensitive intellectual property.
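
The first two recommendations can be checked mechanically against a firewall ruleset. The following is an added example, not code from the article or from CyberX: it assumes a hypothetical address plan (IT, OT, a VPN pool and one jump host) and a constructed rule list, and flags allow rules that expose RDP (TCP 3389) to sources outside those networks, as well as rules that let IT reach OT from anywhere other than the jump host. Each rule is evaluated on its own; rule ordering and first-match semantics are not modeled.

```python
import ipaddress as ip

# Assumed address plan (constructed for illustration, not from the article)
IT = ip.ip_network("10.10.0.0/16")
OT = ip.ip_network("10.50.0.0/16")
VPN = ip.ip_network("10.99.0.0/24")
JUMP_HOST = ip.ip_network("10.10.5.10/32")  # only approved IT source into OT
RDP = 3389

# Constructed sample ruleset: (id, action, src, dst, port_lo, port_hi)
RULES = [
    ("r1", "allow", "0.0.0.0/0",      "10.10.20.15/32", 3389, 3389),  # RDP open to internet
    ("r2", "allow", "10.99.0.0/24",   "10.10.20.15/32", 3389, 3389),  # RDP via VPN pool
    ("r3", "allow", "10.10.0.0/16",   "10.50.0.0/16",   1, 65535),    # flat IT -> OT
    ("r4", "allow", "10.10.5.10/32",  "10.50.1.0/24",   3389, 3389),  # jump-host conduit
    ("r5", "allow", "203.0.113.0/24", "10.50.1.7/32",   3000, 4000),  # port range hides RDP
    ("r6", "deny",  "0.0.0.0/0",      "10.50.0.0/16",   1, 65535),
]

def audit(rules):
    """Return (rule_id, finding) pairs for risky allow rules."""
    findings = []
    for rid, action, src, dst, lo, hi in rules:
        if action != "allow":
            continue
        s, d = ip.ip_network(src), ip.ip_network(dst)
        # A source is "internal" only if it sits wholly inside a known network.
        internal = any(s.subnet_of(n) for n in (IT, OT, VPN))
        if lo <= RDP <= hi and not internal:
            findings.append((rid, "rdp-exposed"))
        # IT may reach OT only from the jump host; anything broader is flat.
        if d.overlaps(OT) and s.overlaps(IT) and not s.subnet_of(JUMP_HOST):
            findings.append((rid, "it-to-ot-unrestricted"))
    return findings

if __name__ == "__main__":
    for rid, finding in audit(RULES):
        print(rid, finding)
```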