Business urged to block WannaCry as Honda halts production

Businesses are being urged to ensure that they are not vulnerable to WannaCry ransomware after a vehicle manufacturer discovered an infection on its networks.

Honda has revealed that it halted production of its vehicles in Japan on 19 June, a day after discovering a WannaCry infection on its networks.

Production was halted at Honda’s Sayama plant, northwest of Tokyo, after the firm discovered that WannaCry ransomware had affected networks across Japan, North America, Europe, China and other regions despite efforts to secure its systems in mid-May, according to Reuters.

Production at other plants operated by Honda had not been affected, and regular operations had resumed at the Sayama plant on 20 June, the company said.

Honda’s discovery comes almost six weeks after WannaCry first emerged on 12 May 2017 and subsequently infected more than 200,000 computers in 150 countries.

Although attribution is difficult, Symantec said in May that tools and infrastructure used in the WannaCry ransomware attack had strong links to Lazarus, the group responsible for destructive attacks on Sony Pictures Entertainment and the Bangladesh Central Bank.

In June, an alert notified the US computer emergency response team (US-Cert), which then confirmed Symantec’s assessment after the US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) identified one of the tools used in the WannaCry attack as DeltaCharlie. The tool is part of a suite of North Korean malware tools classified by the DHS and FBI as “Hidden Cobra”, also known as Lazarus Group and Guardians of the Peace.

WannaCry seeking victims

As with most malware, even after the initial impact of a public or global strike, WannaCry is still working its way around the internet looking for victims, said Mark James, security specialist at Eset.

“In this case, when malware uses exploits in common or older versions of Microsoft Windows, many large manufacturers that use bespoke or embedded systems with software that may not be easily or quickly replaced could be teetering on the edge of disaster frantically trying to protect themselves,” he said.

James warned that it takes only one slip from the hundreds of thousands of employees connected to a network of computers that often has to connect worldwide to enable a smooth global operation.

“Of course keeping your systems up to date with the latest updates and patches, and ensuring you have a good and regular updating internet security product, will help to keep you safe, but educating your staff on the dangers of using the very tools we need them to use for their daily workloads is just as important,” said James.

An ongoing battle against cyber threats

Having been hit in other plants during May, Honda took steps to protect itself at the time, but it is a continuing battle against emerging threats, said Andrew Clarke, UK director at One Identity.

“It is important in industrial plants, where there are often embedded computer systems, that patches are applied promptly and across all systems,” he said.

“Often, due to the complexity of change, it takes some weeks or months to bring all systems up to date. Of course, it is not just Microsoft that needs patching – all manner of systems need to be assessed and updated.”

Gavin Millard, technical director at Tenable, said that to reduce the probability of being infected by ransomware or a targeted attack using the same vulnerabilities, continuous visibility into the vulnerability status of every asset in the modern computing environment is critical in reducing the available attack surface.

“Just patching these bugs isn’t always simple as it could cause disruption to the organisation. If that is the case, then compensating controls must be put in place and proper, risk-based decisions must be made. If you can’t patch it, protect it, and if you can’t do either then prepare to pay,” he said.

Tips for securing systems

Responding to the news about Honda, Duncan Hughes, A10 Networks’ systems engineering director for Europe, said organisations should consider six best practice recommendations:

  1. Download the latest patches: Update your operating system to the latest version and install all patches – doing so regularly will ensure your machine stays safe from unwanted malware and other vulnerabilities that attackers tend to exploit.
  2. Beware of phishing emails: While it’s uncertain whether WannaCry uses phishing to gain a foothold on target machines, many ransomware attacks use phishing emails that contain a malicious link or attachment that will infect your machine. Avoid clicking or opening any such attachment.
  3. Back up your files: Regularly create and keep secure backups of your most important files and data. If your machine becomes infected, you can easily restore your data.
  4. Use up-to-date antivirus: Ensure you have the most up-to-date version of antivirus software that can thwart the latest types of viruses and worms, such as ransomware attacks.
  5. Instil a security culture: Introduce and encourage a culture of cyber security diligence in your organisation. Enforcing simple tasks such as locking work stations, securing laptops, using strong passwords and alerting employees about phishing scams and other attacks can help prevent the spread of malware through an organisation or network.
  6. Have a defence-in-depth strategy: A10 Networks encourages using best-of-breed systems for robust security and defence against the evolving threat landscape. Having multiple layers of security increases the chances of catching and eradicating malware such as WannaCry before it has the opportunity to wreak havoc. A multi-layered defence will also mitigate the risk of any single device being compromised and being rendered ineffective.
