In 2020, car manufacturer Honda fell victim to a ransomware attack. Using a payload called “update.exe,” the attack crippled Honda’s international customer service and Financial Services wing for days. Although it affected two customer-facing branches of this global corporation, the ransomware was designed to target and breach Honda’s critical ICS/SCADA environments.
This ransomware, written in the Go language and highly obfuscated, is called EKANS, or “Snake” spelt backward. The malware includes a check for a hardcoded internal system name and a corresponding public IP address related to Honda. If they don’t exist, it exits.
On the Impact of ICS Cybersecurity Threats
The attack described above was targeting the entire network, including the Internet of Things and SCADA systems. This can have severe consequences in an environment that is machine/ICS-centric. When industrial control systems are down, it directly impacts manufacturing and industrial activity, which directly correlates to a loss of revenue.
Regardless of the attack vectors, ICS and SCADA systems are increasingly becoming the victims of targeted, sabotage-type attacks. In October 2019, for instance, North Korean state-sponsored attackers targeted India’s nuclear plants using Remote Access Tools (RATs) to collect information such as host IPs, running processes, password hashes and browser history. News of that attack arrived several months after solar power company sPower suffered a distributed denial of service (DDoS) attack in March 2019 that targeted exploits in firewalls, forcing unexpected reboots of devices.
Strengthening Your OT Environment Against Threats
These ICS attacks are clearly varied, but one theme that is rapidly emerging is that OT cybersecurity is crucial and can no longer be overlooked.
This, however, is easier said than done. One of the biggest challenges that organizations within the OT sector face is recognizing cybersecurity as an issue. Traditionally, OT infrastructure was never built with ...
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Anirudh Chand. Read the original post at: https://www.tripwire.com/state-of-security/featured/update-exe-case-study-robust-ot-cybersecurity/