Julio Rivera: Honda Hack a Wakeup Call for IT Pros

Honda Hack Underscores Dangers of Attacks Against Industrial Control Systems

In early June of 2020, automaker Honda was the victim of a cyber-attack that forced the company to stop production at it's factories all over the world. The attack deployed a ransomware strain known as EKANS and left employees unable to access email or servers. Infections like EKANS or "SNAKE," as it is also known as, are programmed to attack factories’ industrial control systems (ICS), and have been used in attacks against industrial facilities like factories, power plants, utility companies and others in the past.

These attacks against ICSs can cause catastrophic damage very quickly by targeting critical infrastructure and are an ongoing threat as a 2019 report from cybersecurity firm Kaspersky Labs indicated that a whopping 42.7% of the American ICS computers that used their software solution last year were attacked by hackers.

Some notable examples of previous Industrial Control Systems (ICS) attacks are:

March 2000: An attack in Queensland, Australia targeted the local utility known as the Maroochy Shire Council’s wastewater system. The attack inhibited Communications that were sent by radio frequency (RF) to wastewater pumping stations. The failed and the alarms designed to notify engineers of problems in the system did not activate. It was eventually discovered by an engineer monitoring the system signals that a breach had occurred. After an investigation, the hacker was located and on April 23, 2001 police discovered that the attacker, Vitek Boden, had a laptop and specialized Supervisory Control and Data Acquisition (SCADA) equipment that he had used to attack Maroochy Water. Boden employed the use of the laptop and a radio transmitter to control as many as 150 sewage pumping stations. Over about 3 months, Boden released millions of gallons of untreated sewage into local parks and waterways.

In 2010, an attack that many experts describe as the first in the age of cyberwarfare, the “Stuxnet Attack,” damaged the industrial control systems of about one-fifth of Iranian nuclear centrifuges. In testimony given to the US Senate Homeland Security Committee, Dean Turner, an executive from Symantec, testified that Stuxnet malware was a wake-up call to critical infrastructure systems globally, as Stuxnet was thought to be the first example of written code specifically designed to hinder ICSs and give hackers control of specific systems. What made Stuxnet such a danger was that it's ability to self-replicate and spread through multiple systems.

December 23, 2015 saw a major hack shut off electricity to nearly a quarter-million Ukrainians. This attack was widely regarded as the first known successful attack against a country’s power grid. The attack hit an electric utility company in western Ukraine and impacted a large area which including the regional capital of Ivano-Frankivsk. Attackers cut off 30 substations and left over 230,000 Ukrainians without electricity for six hours. The companies SCADA equipment was disabled, and power had to be restored manually. The subsequent investigation showed that hackers facilitated the outage using BlackEnergy malware to exploit macros in Microsoft Excel docs. The company was targeted and infected via a tainted spear-phishing email.

Attacks against ICS' have the potential to poison our water, shut off power in major cities and melt nuclear power plants. As the government’s focuses on the Coronavirus pandemic and issues related to social justice, private sector security professionals must remain as vigilant while American intelligence agencies and law enforcement seem temporarily distracted.