If you operate in the automotive industry or have clients in the automotive industry, you should be aware of a timely and actionable alert that was issued today.
The FBI is reporting evidence of hackers compromising IT networks across the automotive sector using brute-force attacks and phishing emails, resulting in ransomware infections and data breaches of personally identifiable information. It is the FBI’s assessment that these attacks are likely to increase.
The notification specifically highlights the following risks:
Attacks on companies’ web-facing employee logins.
Attacks that exploit unpatched operating systems.
Phishing email messages with infected attachments.
Access to employee email communication due to poorly configured email systems.
Ransomware due to infected email attachments that were opened or malicious links that were clicked.
What you should do:
Ensure your backups are running regularly.
Test a backup to ensure you can restore from it.
Enable strong password policies requiring complex passwords that expire at least every 90 days.
Ensure operating systems are patched and currently supported. If you have Windows 7 or Windows Server 2008 operating systems in use, be sure they are replaced no later than January 14, 2020.
Educate employees to never open attachments or click links unless they have personally verified their authenticity by voice.
Implement multi-factor authentication for access to any corporate systems.
Be sure your anti-virus is installed, running and up to date.
Monitor for unusual activity on your network from unknown IP addresses or foreign nations.
Encrypt information wherever and whenever possible.
If you think you may be the victim of a cyber-attack, contact your local FBI field office, which can be located at https://www.fbi.gov/contact-us/field-offices. This is a legitimate link, but feel free to type the URL into your browser to be absolutely certain.