Hello and welcome to the latest issue of GlobalSign’s weekly cybersecurity wrap-up.
Honda was in the bullseye this week as the automaker was struck by a pretty significant ransomware attack. Several days into it, the automaker’s global operations have been hit hard enough that the company is still working to get everything back online. On Tuesday the company said it was necessary to temporarily shut down some production facilities, and its customer and financial services operations are closed.
Another major brand, Nintendo, announced that it was upping the numbers of account holders affected by the breach the company announced back in April. The number of accounts impacted went from 140,000 to 300,000. That’s quite a jump!
Also this week: Nine top German companies involved in procuring personal protective gear in the fight against Covid-19 were impacted by a phishing scheme. At least one of the nine companies was impacted. The phishing attempts against the unnamed company, which are ongoing, have extended to more than 100 senior management and procurement executives at the company and its suppliers in multiple sectors.
For all the week’s top security stories please read on. Thanks for dropping by, and hope you have a terrific weekend!
Top Global Cybersecurity News
InfoSecurity (June 10, 2020) Nintendo Breach: Now 300,000 Accounts Affected
"Nintendo has added another 140,000 accounts to those it claimed were compromised by hackers from April this year, bringing the total to 300,000.
The updated figure was given as a result of its ongoing investigation into the incident. The additional Nintendo Network ID (NNID) accounts that have been ‘accessed maliciously’ have had their passwords reset and the relevant customers were contacted directly.
The gaming giant said back in April that 160,000 legacy NNIDs, which are associated with its now-defunct Nintendo 3DS handsets and Wii U consoles, were accessed by unauthorized third parties.'"
ZDNet (June 10, 2020) Arm CPUs impacted by rare side-channel attack
"Chipmaker Arm has issued guidance to software developers this week detailing mitigations against a new vulnerability discovered in its Armv8-A (Cortex-A) CPU architecture.
Codenamed SLS (standing for Straight-Line Speculation), this bug is a classic side-channel speculative execution attack.
Speculative execution refers to the concept of CPUs processing data in advance for speed and performance reasons and then discarding the computational branches they don't need. Side-channel attacks in speculative execution allow malicious threat actors to leak (steal) these temporary computations and see what the CPU might be working on"
The Verge (June 9, 2020) Honda Ransomeware attack halts production
"Honda’s global operations have been hit with a ransomware attack and the Japanese automaker is still working to get everything back online. The company said Tuesday that it had to temporarily shut down some production facilities, and its customer and financial services operations are closed.
‘[T]here is no current evidence of loss of personally identifiable information,’ Honda says in a statement to The Verge. ‘We have resumed production in most plants and are currently working toward the return to production of our auto and engine plants in Ohio.’
The virus is thought to be what’s known as the ‘Snake’ ransomware. This kind of attack involves a hacker encrypting a company’s files to hold them hostage, and then offering to decrypt them in exchange for money. Honda referred to it as a ‘major computer ransomware (virus) attack’ in its internal alert system, according to a message viewed by The Verge. ‘Teams from IT Globally and across the NA Region are working continuously contain this attack and restore normal business operation as quickly as possible, however many business processes that rely on information systems are impacted."
The Citizen's Lab (June 9, 2020) Dark Basin: Uncovering a Massive Hack-For-Hire Operation
"Dark Basin is a hack-for-hire group that has targeted thousands of individuals and hundreds of institutions on six continents. Targets include advocacy groups and journalists, elected and senior government officials, hedge funds, and multiple industries.
Dark Basin extensively targeted American nonprofits, including organisations working on a campaign called #ExxonKnew, which asserted that ExxonMobil hid information about climate change for decades.
We also identify Dark Basin as the group behind the phishing of organizations working on net neutrality advocacy, previously reported by the Electronic Frontier Foundation."
Cyber Scoop (June 8, 2020) Hackers target senior executives at German company procuring PPE
"On March 30, as the novel coronavirus swept through Germany, the country’s government tasked nine multinational companies, including pharmaceutical giant Bayer and automaker Volkswagen, with procuring personal protective equipment to make up for a lack of gear.
The same day, unidentified hackers began an intensive phishing campaign to infiltrate at least one of those nine firms, according to research published Monday by IBM. The findings show how multiple aspects of societies’ response to the coronavirus — from testing facilities to vaccine research to PPE procurement — have been targeted by hackers of various stripes.
The phishing attempts against the unnamed German company, which are ongoing, have extended to more than 100 senior management and procurement executives at the company and its suppliers in multiple sectors, according to IBM. It is unclear if the hacking has been successful, or who is responsible (IBM researchers weren’t sure)."
Other Industry News
Like what you’re reading? Head to the Subscriber form in the sidebar to get insightful GlobalSign content delivered directly to your inbox.