Cyber101: Honda Breach
By Mike Talon for SKOUT CYBERSECURITY
A reader recently asked:
“There were news reports that Honda had a breach. I’ve bought a Honda recently, should I be worried?”
In this case, while you may need to be a bit more careful and on the lookout for phishing schemes, no there isn’t much reason to be worried.
First, what happened: Honda recently disclosed that some files had been stolen from their systems. That’s pretty bad for Honda, but what was stolen is may be more problematic in the long-term. At least one of the files was a list of desktops and laptops of Honda employees that were not fully protected from viruses, spyware, and other malware. For most folks who are not employees of Honda, this isn’t a direct threat to your information or security. For Honda itself this is a major security issue as this file can be shared throughout the threat actor community and basically provides a roadmap to every desktop and laptop they should attack.
The fact that so many machines are now extraordinarily vulnerable to attack is the reason the general public should be on their guard for some time to come. While Honda doesn’t believe that any direct consumer information was stolen, those unprotected laptops and desktops may hold such information. If an employee were to be infected with malware, such data could end up being stolen by a future attack. To clarify things, it is not impossible, but also is not likely, that user account numbers, social security numbers, or any other dangerous information is on these computers. That being said, it is very likely that email addresses, names, addresses, etc. of Honda customers are indeed on these computers, and could be stolen over time. Since thousands of Honda computers were on this list, it is unlikely that Honda will be able to set up defenses on all these machines before a threat actor starts trying to steal information.
So, if your information from these unprotected machines is stolen, what can you do? At the moment, info stolen will include contact data but probably not much else. This means that threat actors will most likely attempt to use the stolen data to conduct phishing attacks and fraud. A quick recap on these two forms of attack:
Phishing is simply an attacker using email to try to trick you into giving them more information than they have. This might be an attempt to get you to log into a fake version of a real website that you use, which would let them see your username and password for that website. It might be an attempt to get you to open an attachment – thinking it’s from Honda – which contains more dangerous malware.
Fraud attacks from this kind of breach are usually targeted at Honda customers. They may ask you to call Honda to settle a loan or other payment, or to pre-pay for services. They may also ask for a wire transfer to cover some kind of payment. In both cases, the numbers supplied or bank accounts given would be owned by the threat actor, so you’d be sending money directly to them.
Also remember that these attacks can be carried out by phone – provided the information that will be stolen includes telephone numbers. This type of attack, called “vishing” (Voice Phishing) is becoming much more popular these days. The goals will be the same, but they will try to trick you into making credit card payments over the phone, as opposed to going to a website.
Remember the basic rules to keep yourself safe from these types of attack:
1 – Never click on links in email. You can manually go to the website in question in your browser, and log in. If there is a payment due or a special offer available to you, it will be found there.
2 – Never open an attachment without confirming what it is first. Call whoever sent it and make sure it really came from them.
3 – Keep your computer updated with anti-malware software, this will catch many common viruses and other malware before it even shows up in your email.
4 – For vishing attacks, always remember that no legitimate company or agency will ever require you to make a payment while you are on the phone with them immediately. Legitimate firms and government organizations will always permit you to call them and make the payment that way.
These types of attacks are becoming more and more common, but we can defend against them. Taking basic security precautions that don’t take a lot of time or technical know-how can and will keep you safe.