Ransomware Stops Car Factory, Phones Spy on Activists and 198M Voters' Info Leak

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches: 

WannaCry Ransomware Stops Honda Manufacturing Plant

The global WannaCry ransomware outbreak forced Honda to hit the brakes at one of its vehicle production plants.

Honda Motor Company announced Wednesday it stopped production Monday at its Sayama plant in Japan to address affected networks in Japan, North America, Europe and China, a spokeswoman told Reuters. The company had attempted to secure its networks when WannaCry first popped up in mid-May, she said.

Production resumed at the Sayama plant Tuesday, but it’s a reminder the WannaCry threat persists. At a recent House hearing, cyber experts told lawmakers WannaCry’s ransomware component—the part that locks down files and demands payment—was diffused. The second component—a self-propagating worm—continues to infect systems without further action from its creators.

NSO Group’s Spyware Found on iPhones of Mexican Government Critics

A spyware sold exclusively to governments to track criminals and terrorists was found on the smartphones of human-rights lawyers, anti-corruption activists and journalists critical of the Mexican government, according to The New York Times.

Pegasus software, made by the Israel-based NSO Group, effectively turns a target’s smartphone into a spy in his or her pocket. It can access texts, contacts, calendars and control the camera and mic. The New York Times reported NSO Group code was found on the phones of some of the Mexican government’s prominent critics and their family members, though it said “no ironclad proof” showed the government was behind it.

A government statement “categorically denies” improper use of the spyware, though its agencies have bought $80 million worth of spyware since 2011.

Only governments can purchase the spyware, and by explicit agreement, can only use it to track criminals. But NSO Group can’t enforce that: Once the product is sold, the company doesn’t know how its tools are used or by whom, according to the Times.

Last year, a human rights activist in the United Arab Emirates turned over suspicious texts to a pair of security firms. They found Pegasus spyware on the device—its first discovery “in the wild”—and learned it exploited three iPhone zero days. They pointed to the UAE government as the likely party behind the attempted attack.

Apple quickly issued a patch for the flaws.

198M Voters’ Data Exposed by RNC Contractor

Improperly configured databases exposed 198 million potential voters’ personal information and how they may vote on hot-button issues, allowing anyone with the URL to view the data gathered by analytics firms working on behalf of the Republican National Committee, according to a security firm.

Chris Vickery, a researcher with the security firm UpGuard, discovered 1.1 terabytes of voter information in a publicly accessible cloud June 12, including names, birth dates, home addresses, phone numbers and modeled data, such as ethnicities and religions. It also included likely voter preferences on issues such as stem-cell research and gun control, a Gizmodo report said.   

“The data exposure provides insight into the inner workings of the Republican National Committee’s $100 million data operation for the 2016 presidential election, an undertaking of monumental scope and painstaking detail launched in the wake of Mitt Romney’s loss in 2012,” according to UpGuard post on the incident.

UpGuard said Deep Root Analytics, TargetPoint Consulting and Data Trust compiled the data for the RNC from a variety of sources to help Donald Trump’s presidential campaign.  

“The data accessed was not built for or used by any specific client,” Deep Root Analytics, a media analytics firm that helps target audiences, said in a June 19 statement. “It is our proprietary analysis to help inform local television ad buying. The data that was accessed was, to the best of our knowledge proprietary information as well as voter data that is publicly available and readily provided by state government offices.”

Deep Root Analytics said the data was accessible June 1-14 after Vickery notified regulatory bodies of the discovery.