According to this link, https://techcrunch.com/2019/
- The server contained 134 million rows of employee systems data from the company’s endpoint security service, containing technical details of each computer and device connected to the internal network
- The database had no password
- The data included which operating system a user was running, its unique network identifiers and IP address, the status of the endpoint protection, and which patches were installed
- What makes this data particularly dangerous in the hands of an attacker is that it shows exactly where the soft spots are. The data contained enough identifiable information to make it extremely simple to locate specific high-value employees; in an attacker's hands, this leaked data could be used to silently monitor for ways to launch very targeted attacks on those executives
To avoid misconfiguration incidents like the one Honda experienced, organizations should change how they deploy and build applications entirely. This is not necessarily just a technology shift, but more of a cultural change. Everything an IT department does will need to change: how they deploy applications, what applications they build, how they learn from their customers, etc. All of that has to change because engineering teams have direct access to infrastructure and old processes aren’t going to work. Simple truth: the rate of change and the dynamic nature of software-defined infrastructure has outstripped human capacity. If companies get a list of a thousand problems, even with 100 people tasked with resolving them, problems either disappear, move, or are replaced with even more significant issues. Enterprises need to be able to deal with faults in real time.
Organizations need a security solution that provides the automation essential to enforce policy, to reduce risk, provide governance, impose compliance, and increase security across large-scale hybrid cloud infrastructure. Automation should take the pain out of making cloud infrastructure secure in a shared responsibility world by providing a framework for what organizations should be doing via a continuous, real-time process. By utilizing security automation, companies can stay agile and innovate, while maintaining the integrity of their technology stack and applying the policy they deem necessary to operate their business.
Core to a company’s solution should be an easy-to-use interface from which clients can manage their existing cloud infrastructure. At scale, policy enforcement cannot and should not be manually performed. Security automation can discover and automatically take action to address policy infringements or security issues (like an exposed Elasticsearch database). It also allows for simultaneous offense and defense, resulting in increased innovation and a reduction of risk.
There are three pillars of information security – people, process and technology; very much in that order. In this scenario it may have been a simple oversight by the person(s) responsible for the database. Robust policy and user training may have helped to reduce the likelihood of this data exposure – technology would have, potentially, alerted Honda to the issue and allowed them to remediate. As an industry it’s becoming more important than ever that, as a whole, we do better. Less vendor FUD, more collaboration and better training – mistakes like these do enable all organisations to learn and do better in the future.
Continuous vulnerability management would have detected the issues and exposures that caused Honda’s database to remain exposed. This vulnerability is not uncommon, but it is also not difficult to detect.
A company’s entire IP address space needs to be profiled in a continuous manner to detect exposed services and systems. Selecting only specific IP addresses to undergo vulnerability management may result in blind spots, which is what ultimately causes these vulnerabilities to slip through the cracks and compromise the security posture of an entire company.
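The two checks described above (finding blind spots in scan coverage, and detecting an exposed Elasticsearch service once a host is reached) as an added example in Python; this is not code from the original commentary or from any vendor quoted here. The CIDR ranges, hosts, HTTP responses and the policy action name are all constructed assumptions, and the classification is driven by injected sample responses so it runs offline.

```python
# Added example (not part of the original commentary): two checks a continuous
# vulnerability-management job might run over an organisation's OWN address space.
#   1) coverage: which inventoried addresses fall outside every scan scope (blind spots)
#   2) exposure: classify an Elasticsearch HTTP response as unauthenticated, protected,
#      or not Elasticsearch, and estimate how many documents an open instance exposes
# All CIDRs, hosts and responses below are constructed samples.
import ipaddress
import json
from dataclasses import dataclass
from typing import Callable, Dict, List


# --- 1) Coverage check: blind spots in the scan scope ------------------------

def scan_blind_spots(inventory_cidrs: List[str], scan_scope_cidrs: List[str]) -> List[str]:
    """Return every host address the organisation owns that no scan scope covers."""
    scope = [ipaddress.ip_network(c, strict=False) for c in scan_scope_cidrs]
    gaps = []
    for cidr in inventory_cidrs:
        for host in ipaddress.ip_network(cidr, strict=False).hosts():
            if not any(host in net for net in scope):
                gaps.append(str(host))
    return gaps


# --- 2) Exposure check: is this an Elasticsearch node answering without auth? --

@dataclass
class HttpResponse:
    status: int
    body: str


ES_TAGLINE = "You Know, for Search"   # tagline returned by GET / on an Elasticsearch node


def classify_es_response(root: HttpResponse) -> str:
    """Classify the response to GET / on the REST port (9200 by default)."""
    if root.status in (401, 403):
        # A security-enabled cluster rejects the anonymous request.
        return "elasticsearch-protected"
    if root.status != 200:
        return "not-elasticsearch"
    try:
        doc = json.loads(root.body)
    except ValueError:
        return "not-elasticsearch"
    if isinstance(doc, dict) and (doc.get("tagline") == ES_TAGLINE or "cluster_name" in doc):
        return "elasticsearch-unauthenticated"
    return "not-elasticsearch"


def estimate_exposed_docs(indices_body: str) -> int:
    """Sum docs.count over GET /_cat/indices?format=json (only readable when unauthenticated)."""
    return sum(int(idx.get("docs.count") or 0) for idx in json.loads(indices_body))


def audit(targets: List[str], fetch: Callable[[str, str], HttpResponse]) -> List[Dict]:
    """Probe each host:port with the injected fetch function and emit one finding per host."""
    findings = []
    for host in targets:
        verdict = classify_es_response(fetch(host, "/"))
        finding = {"host": host, "verdict": verdict}
        if verdict == "elasticsearch-unauthenticated":
            indices = fetch(host, "/_cat/indices?format=json")
            finding["docs"] = estimate_exposed_docs(indices.body) if indices.status == 200 else None
            finding["action"] = "isolate-and-ticket"   # hypothetical policy action name
        findings.append(finding)
    return findings


# Constructed sample responses standing in for real HTTP calls.
SAMPLE_RESPONSES = {
    ("10.0.0.5:9200", "/"): HttpResponse(200, json.dumps(
        {"name": "node-1", "cluster_name": "endpoint-telemetry",
         "version": {"number": "6.8.0"}, "tagline": ES_TAGLINE})),
    ("10.0.0.5:9200", "/_cat/indices?format=json"): HttpResponse(200, json.dumps(
        [{"index": "endpoint-2019.07", "docs.count": "134000000"},
         {"index": "agents", "docs.count": "2500"}])),
    ("10.0.0.6:9200", "/"): HttpResponse(401, json.dumps(
        {"error": {"type": "security_exception",
                   "reason": "missing authentication credentials for REST request"},
         "status": 401})),
    ("10.0.0.7:9200", "/"): HttpResponse(200, "<html>not elasticsearch</html>"),
}


def sample_fetch(host: str, path: str) -> HttpResponse:
    """Offline stand-in for an HTTP GET against host/path."""
    return SAMPLE_RESPONSES.get((host, path), HttpResponse(404, ""))


if __name__ == "__main__":
    print("blind spots:", scan_blind_spots(["10.0.0.0/29"], ["10.0.0.0/30"]))
    for f in audit(["10.0.0.5:9200", "10.0.0.6:9200", "10.0.0.7:9200"], sample_fetch):
        print(f)
```

The coverage check is the cheap part and the one most often skipped: if the scan scope is a hand-picked list of addresses rather than the full inventory, the host on 10.0.0.5 above is never probed and the open cluster is never seen. A real job would replace `sample_fetch` with an HTTP client run against the organisation's own ranges on a schedule, and the `action` field would drive whatever remediation workflow (firewall rule, ticket, owner notification) the policy defines.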
This is a hacker’s dream, a treasure trove of the most sought-after information. Whoever has it can own Honda’s network. While it is unclear if this data has already been accessed by someone maliciously, it does highlight a concerning flaw in the security practices of Honda.
If an attacker has already gained access, they could use the data to carry out further attacks and gain deeper access to Honda’s networks, causing substantial damage.
This incident should be a lesson to organisations that any documents, servers or databases should be secured and at the very least password-protected. What may seem like meaningless logs to an organisation, could actually provide a wealth of opportunity to a skilled and knowledgeable attacker.
This attack is a reminder that, unfortunately, too many organisations are still not getting the cybersecurity basics right. In this case, those basics include providing each critical system with a unique and frequently updated password. What makes this attack particularly troubling is that the information it revealed can potentially give hackers inside knowledge of the company’s security weak points and the ability to launch targeted attacks that exploit those identified vulnerabilities. This is a situation where behaviour analytics technology would be crucial for detecting and stopping abnormal and suspicious activities on the network before data can be stolen.
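The kind of behaviour analytics the last paragraph calls for, as an added Python example that is not part of the original commentary: a baseline of who normally queries the cluster is compared against a new window of access-log lines, and clients that are new, that burst well above their own baseline, or that hit bulk enumeration endpoints are flagged. The log format, client addresses, endpoint list and burst factor are constructed assumptions; in practice the same logic would be fed from the proxy or audit log in front of the cluster.

```python
# Added example (not from the original commentary): a minimal behaviour-analytics pass over
# Elasticsearch access logs. Log format, addresses and thresholds are constructed assumptions.
import re
from collections import Counter, defaultdict
from typing import Dict, List

# Constructed log line format: "<timestamp> client=<ip> path=<request path> status=<code>"
LOG_RE = re.compile(r"^(?P<ts>\S+) client=(?P<client>\S+) path=(?P<path>\S+) status=(?P<status>\d+)$")

# Endpoints that list indices or touch every index at once; normal applications rarely need them.
ENUMERATION_PATHS = ("/_cat/", "/_all/", "/_aliases")


def parse(lines: List[str]) -> List[Dict[str, str]]:
    """Parse log lines into dicts, silently skipping lines that do not match the format."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def detect_anomalies(baseline_events: List[Dict[str, str]],
                     window_events: List[Dict[str, str]],
                     burst_factor: int = 3) -> Dict[str, List[str]]:
    """Return {client: [reasons]} for clients whose behaviour in the window departs from baseline."""
    base = Counter(e["client"] for e in baseline_events)      # requests per client, baseline
    current = Counter(e["client"] for e in window_events)     # requests per client, new window
    reasons: Dict[str, List[str]] = defaultdict(list)

    for client, n in current.items():
        if client not in base:
            reasons[client].append("new-client")
        elif n > burst_factor * base[client]:
            reasons[client].append(f"burst:{n}>{burst_factor}x{base[client]}")

    for e in window_events:
        if any(e["path"].startswith(p) for p in ENUMERATION_PATHS):
            tag = "enumeration:" + e["path"]
            if tag not in reasons[e["client"]]:
                reasons[e["client"]].append(tag)
    return dict(reasons)


# Constructed sample logs. Baseline: two internal application hosts with steady, modest traffic.
BASELINE_LOG = [
    "2019-07-30T10:00:01Z client=10.0.1.20 path=/endpoint-2019.07/_search status=200",
    "2019-07-30T10:00:07Z client=10.0.1.20 path=/endpoint-2019.07/_search status=200",
    "2019-07-30T10:00:12Z client=10.0.1.21 path=/agents/_doc/a1 status=200",
    "2019-07-30T10:00:19Z client=10.0.1.20 path=/endpoint-2019.07/_search status=200",
    "2019-07-30T10:00:25Z client=10.0.1.21 path=/agents/_doc/a2 status=200",
    "2019-07-30T10:00:31Z client=10.0.1.20 path=/endpoint-2019.07/_search status=200",
]

# New window: 10.0.1.20 behaves as before, 10.0.1.21 bursts, and an unseen external address
# lists every index and then starts a scroll over the endpoint telemetry.
WINDOW_LOG = [
    "2019-07-30T11:00:01Z client=10.0.1.20 path=/endpoint-2019.07/_search status=200",
    "2019-07-30T11:00:02Z client=203.0.113.9 path=/_cat/indices status=200",
    "2019-07-30T11:00:03Z client=203.0.113.9 path=/endpoint-2019.07/_search?scroll=1m status=200",
    "2019-07-30T11:00:04Z client=10.0.1.20 path=/endpoint-2019.07/_search status=200",
    "2019-07-30T11:00:05Z client=10.0.1.20 path=/endpoint-2019.07/_search status=200",
    "this line is not in the expected format and is skipped",
] + [
    f"2019-07-30T11:01:{i:02d}Z client=10.0.1.21 path=/agents/_doc/a{i} status=200"
    for i in range(7)
]


if __name__ == "__main__":
    for client, why in detect_anomalies(parse(BASELINE_LOG), parse(WINDOW_LOG)).items():
        print(client, why)
```

The point of comparing each client against its own baseline rather than a global threshold is that a busy application host legitimately makes far more requests than a one-off administrative script; the unusual signal here is not volume in the absolute but a source that has never been seen before reading the index list and then pulling the telemetry index in bulk.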