
Enel Group attacked by SNAKE ransomware same as Honda


The Enel Group, a power and sustainability company, was hit by EKANS (SNAKE) ransomware on June 7th, affecting its internal network.


The company confirmed that its internal network was disrupted and that it consequently had to isolate its corporate network segment, but its security system caught the malware before it could infect and encrypt.
The EKANS (SNAKE) group was also responsible for a similar attack on Honda, a few days back.

The company recovered from the attack quite swiftly and all communication and network were restored the next day.

Though Enel didn't disclose which ransomware attacked them, security researchers are placing their bets on SNAKE. David Emm, a principal security researcher at Kaspersky, said: “While the company hasn’t confirmed which ransomware, there have been reports that it is SNAKE, which has been used in the past in targeted ransomware attacks. Nor is it clear how the attackers were able to gain a foothold in the company’s network.”

The spokesperson from Enel said, “The Enel Group informs that on Sunday evening there was a disruption on its internal IT network, following the detection, by the antivirus system, of ransomware.”

“As a precaution, the company temporarily isolated its corporate network in order to carry out all interventions aimed at eliminating any residual risk. The connections were restored safely on Monday early morning.”

“Enel informs that no critical issues have occurred concerning the remote control systems of its distribution assets and power plants, and that customer data have not been exposed to third parties. Temporary disruptions to customer care activities could have occurred for a limited time caused by the temporary blockage of the internal IT network.”

When SNAKE infects a system, it runs checks on domains and IP addresses to determine whether it is running on the intended network. If it is not, the ransomware withdraws and doesn't perform encryption.

Oleg Kolesnikov, a threat researcher at Securonix Research Lab, says that SNAKE differs from other malware of its family in the "relatively high amount of manual effort/targeting typically involved in the operator placement activity, which can sometimes enable them to have a bigger impact on the victims."

Automotive Giant Honda Exposes 26,000 Vehicle Owner Records Containing Personally Identifiable Information of North American Customers


After an Elasticsearch cluster was misconfigured on October 21, the multinational conglomerate Honda exposed around 26,000 vehicle owner records containing personally identifiable information (PII) of North American customers.

Security Discovery researcher Bob Diachenko reached out to Honda's security team in Japan, after which the team immediately verified the publicly accessible server, within only a couple of hours.

The database records included the customers' full names, email addresses, phone numbers, mailing addresses, vehicle make and model, vehicle VINs, agreement IDs, and various service information on their Honda vehicles. The company later added that none of its North American customers' financial information, credit card information, or credentials were exposed in the incident.

While the company responded instantly in the wake of being informed that the misconfigured Elasticsearch cluster was publicly accessible on the Internet, Diachenko says that their week-long public exposure "would have allowed malicious parties ample time to copy the data for their own purposes if they found it."

The Honda customers' information may be utilized in highly targeted phishing attacks later on if the information was spilled during the week the database was exposed.

This isn't the first such incident for Honda. The 'automotive giant' has experienced comparable circumstances in the past, the most recent in July 2019, which also involved a publicly accessible ElasticSearch database that exposed about 134 million documents containing 40 GB worth of information on roughly 300,000 Honda employees from around the world.

Although Elastic Stack's 'core security features' have been free since May, per an announcement made by Elastic NV, publicly accessible and "unsecured" ElasticSearch clusters are continually being spotted by security researchers scouring the web for unprotected databases.

"This means that users can now encrypt network traffic, create and manage users, define roles that protect index and cluster level access, and fully secure Kibana with Spaces," ElasticSearch's designers state.

Nonetheless, Elastic NV recommends that database administrators verify their ElasticSearch stack by "encrypting communications, role-based access control, IP filtering, and auditing," by appropriately configuring the cluster before deploying it, and by setting up passwords for the servers' built-in clients.
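As an added illustration (not code from this post, from Honda, or from Elastic), the sketch below checks a flat-style `elasticsearch.yml` for the controls listed in that recommendation. Both sample configurations are constructed, and treating an absent setting as disabled is an assumption, since defaults differ between Elasticsearch versions.

```python
# Added example: audit a flat 'dotted.key: value' elasticsearch.yml for the
# controls named in the recommendation above. Sample configs are constructed.
REQUIRED_TRUE = {
    "xpack.security.enabled": "authentication and role-based access control",
    "xpack.security.http.ssl.enabled": "encrypted client (HTTP) traffic",
    "xpack.security.transport.ssl.enabled": "encrypted node-to-node traffic",
    "xpack.security.audit.enabled": "audit logging",
}
IP_FILTER_KEYS = ("xpack.security.http.filter.allow",
                  "xpack.security.http.filter.deny")
WILDCARD_BINDS = {"0.0.0.0", "::", "_global_"}

def parse_flat_yaml(text):
    """Parse 'dotted.key: value' lines; comments and blank lines are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("'\"")
    return settings

def audit(text):
    """Return one finding per missing control (absent is assumed to mean off)."""
    cfg = parse_flat_yaml(text)
    findings = []
    for key, control in REQUIRED_TRUE.items():
        if cfg.get(key, "false").lower() != "true":
            findings.append(f"{key} is not true: no {control}")
    if not any(cfg.get(k) for k in IP_FILTER_KEYS):
        findings.append("no xpack.security.http.filter rules: no IP filtering")
    if cfg.get("network.host") in WILDCARD_BINDS:
        findings.append("network.host binds every interface")
    return findings

EXPOSED = """
cluster.name: owners   # constructed sample
network.host: 0.0.0.0
http.port: 9200
"""
HARDENED = """
network.host: 10.20.0.5   # constructed sample
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.audit.enabled: true
xpack.security.http.filter.allow: "10.20.0.0/16"
xpack.security.http.filter.deny: _all
"""

if __name__ == "__main__":
    for finding in audit(EXPOSED):
        print("FINDING:", finding)
```

Built-in account passwords are not stored in `elasticsearch.yml`, so that part of the recommendation has to be verified separately.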