Do you still remember the WannaCry virus? IT professionals will remember it for years. I already thought that after all the time, all the companies had properly secured and updated their machines. Microsoft has released a special update for non-supported operating systems, even Windows XP. However, somehow, Honda did not care about the whole situation and paid a considerable price for it.
Ransomware called WannaCry or WannaCrypt uses a hole in the Samba implementation that has been patched in March this year. This protocol is used for example by network drives and network printers, so it is enabled by default. The virus encrypts the files and requests a ransom of $300 for decryption. Interestingly, WannaCry uses the EternalBlue exploit, which was stolen from CIA servers. All the confusion began on Friday, May 12, after a few hours the virus was raging all over the world.
The Honda factory has been immobilized all day by WannaCry.
Windows is everywhere, not just on our laptops and computers, but also on many devices. In industry, it is used on many devices, e.g. different types of measuring instruments and other specialized control systems, even the production system. It would seem that this type of environment is isolated from the outside world. Unfortunately, even if there is no direct connection to the Internet, there is often a gateway that allows remote work. There is a firewall out there that should cut out all unnecessary traffic. However, sometimes it happens that for convenience, the traffic for all ports is unlocked for convenience. This is usually done with laziness.
Production capacity of stopped Honda factory is about 1 000 vehicles per day.
So many cars are manufactured at the Sayama factory (near Tokyo). The virus was discovered last Sunday, and by Wednesday it also attacked Honda’s departments in North America, Europe, China and other parts of the world. The IT department reported that the appropriate security measures against WannaCry were implemented in May. Therefore, it is suspected that WannaCry was not introduced to the corporate network via the 445 port. A similar attack also occurred in Australia, where the victim was a system of the speed and light cameras. Interestingly, in this case it is suspected that the virus was introduced through the USB port. This is a good lesson for IT departments because it demonstrates that security policies should also take into account internal threats, not just external ones. Therefore, at all costs care should be taken to keep up-to-date with any updates.
Source: techPowerUp, The Hacker News
