Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Automobiles. Show all posts

Kawasaki Ransomware Attack: 500 GB Alleged Data Leaked, RansomHub Claims

Kawasaki Ransomware Attack: 500 GB Alleged Data Leaked, RansomHub Claims

In a recent ransomware attack that hit Kawasaki Motors Europe (KME), the company has confirmed that it suffered the breach causing major service disruptions as threat actors threatened to leak the data. 

“At the start of September, Kawasaki Motors Europe (KME) was the subject of a cyberattack which, although not successful, resulted in the company’s servers being temporarily isolated until a strategic recovery plan was initiated later on the same day," KME said in a statement.

RansomHub Behind Leak

RansomHub, an infamous Ransomware-as-a-Service (RaaS) has leaked 478GB of data which the group claims belongs to the KME website,  after the attack. Important business documents were exposed- dealership details, internal communications, banking records, and financial info.

Threat actors posted the exposed data on their extortion site on the dark net, suggesting that KME didn’t agree to pay the ransom demanded by RanHub.

RansomHub has become popular after its creation in February 2024, it is now one of the most efficient RaaS groups, it was responsible for 75 ransom attacks in Q2 of 2024. RansomHub’s victims include high-level targets like Planned Parenthood and Change Healthcare.

To warn about the attacks, the US Cybersecurity and Infrastructure Agency (CISA) issued an advisory, highlighting indicators of compromise (IoC) to combat the threat of potential targets.

Rising Ransom Demands 

With a significant increase in the number of RaaS, the ransom demand trend is also rising. A threat actor demands a shocking $1.5 million in return for a victim’s stolen data. In 2023, the ransomware number was a mere $200,000, which shows the dominance of ransomware groups and the harm they cause to an organization. 

How to Combat Ransomware Attacks?

Adopting a proactive cybersecurity plan can help a business address future threats and take measures to mitigate risks, reducing the threat of future attacks. 

A strong incident response plan can reduce the impact of a ransomware breach. It should have a framework for a plan of action for a possible attack, this can include a data recovery process, legal aspects, and communication protocols. 

Human error is one of the leading causes of breach, but employee training and awareness helps to identify threats and respond accordingly. 

Data Highways: Navigating the Privacy Pitfalls of New Automobiles

 


There is a possibility that these vehicles may be collecting vast amounts of information about their users that can be accessed by advertisers, data brokers, insurance companies and others, and that information could be shared with several companies including advertisers, data brokers, and insurance companies. 

Privacy experts believe users may want to hold off on getting all the connected accessories that come with new cars to protect their data. From the beginning, tech companies have known that data can be sold for dollars, so they have been collecting all the information possible for them to sell it to their highest bidder. 

Data sharing between users' cars is a long-standing practice, but it seems their part is much bigger than most people would suspect; in fact, it might even be the biggest seller of users' data. Car companies sometimes allow consumers to adjust the connectivity settings, and drivers can read about how that is done in their car's privacy policy, but there are times when it is not possible to turn off all data sharing. 

As connected cars become more prevalent, advocates of consumer data privacy are raising concerns about their proliferation, and their proliferation is raising alarms regarding their proliferation. The Counterpoint Technology Market Research report estimates that by 2030, more than 95% of passenger cars sold will have embedded connectivity. As a result, car manufacturers can now offer safety and security functions, predictive maintenance functions as well as prognostic capabilities. 

Although this is a good thing, it also opens the door for companies to collect, share, or sell personal information such as driving habits and other personal information that people may not wish to share publicly. Although most auto manufacturers offer the option of opting out of unnecessary data sharing, according to Counterpoint senior analyst Parv Sharma, these settings are often hidden within menus, as they are with many other consumer technologies that make a profit by selling data. 

By 2030, McKinsey reported that a variety of use cases for car data monetization could generate an annual revenue stream of $250 billion to $400 billion for automakers. It is true that there may be valid reasons for collecting information about a driver or vehicle for safety and functional purposes, and that certain essential services, such as data sharing for emergency and security reasons, may not be feasible or prohibitive to opt out of. 

In the world of predictive maintenance, there are many reasons why manufacturers are releasing more data, one of which is that manufacturers can use it to determine if a particular part they use in their fleet has a tendency to fail before they expected it, which is why a recall is issued, according to James Hodgson, a director of smart mobility and automotive research at global technology intelligence firm ABI Research. 

Despite this, there are growing concerns regarding privacy issues, especially as car companies get into the insurance business themselves, and as they share driver data with insurers. For instance, insurance carriers could report driving habits and car usage details to data collectors, who could then share them with them to determine rates. 

There is a new type of insurance, referred to as usage-based insurance, offered by Progressive and Root, which offers drivers the possibility of earning lower rates as a result of allowing insurers to install devices in their vehicles that track their driving patterns. To gain a better understanding of the data collected by the automobile manufacturer, consumers might want to read over its privacy policy.

In addition to their cars, consumers also have access to radio apps, GPS navigation, and On-Star services that all have their own privacy and data collection policies, Caltrider said. Although there are no federal laws regulating the privacy of personal information, some states have adopted legislation that addresses this issue. 

There are various regulatory efforts underway to understand carmakers' data-sharing practices and reign in possible violations of privacy, but Michigan isn't one of them. The state does have a more limited set of consumer privacy laws in place, but Michigan isn't one of them. In July 2023, the California Privacy Protection Agency's enforcement division announced that it would be conducting a review of the connected vehicle industry. 

A spokesperson declined to comment further, however, saying that the investigation is underway. A federal action could be taken against carmakers if they use data to share with other companies. According to Zweifel-Keegan, basic disclosure of a company's data practices will not always be sufficient to avoid the Federal Trade Commission's enforcement actions. Increasingly, the issue is receiving broader attention. 

Senator Edward J. Markey (D-Mass.), a member of the Senate Commerce, Science, and Transportation Committee, sent letters to 14 car makers in December asking them to ensure that privacy protections are implemented and enforced in their cars. As Hodgson pointed out, the best-case scenario for automakers and consumers might be that as consumer awareness grows, more carmakers will use stricter data privacy practices as a marketing tool, similar to how Apple makes its products stand out from its competition. 

A lawsuit against GM has been filed on behalf of consumers. GM, who is facing a lawsuit, says it has stopped sharing driver data with insurance brokers who work with insurance companies to avoid the lawsuit. There was a press release from GM, which stated, "Customer trust is very important to us, and we are continuously evaluating our privacy policies and procedures to protect it.".