We want to share an alert with you that was received by our CTO, who is a member of the FBI InfraGard network, a public/private partnership focused on maintaining the physical and cyber security of our nation's critical infrastructure and industry in general. The FBI released a PIN, or Private Industry Notification, to alert the automotive industry to an increase in cyber-attacks.
The FBI has evidence of hackers compromising IT networks across the automotive sector using brute-force attacks and phishing emails, resulting in ransomware infections and data breaches of personally identifiable information. It is the FBI's assessment that these attacks are likely to increase.
The notification specifically highlights the following risks:
- Attacks on companies' web-facing employee logins.
- Attacks that exploit unpatched operating systems.
- Phishing email messages with infected attachments.
- Access to employee email communication due to poorly configured email systems.
- Ransomware due to infected email attachments that were opened or malicious links that were
What you should do:
- Ensure your backups are running regularly.
- Test a backup to ensure you can restore from it.
- Enable strong password policies requiring complex passwords that expire at least every 90 days.
- Ensure operating systems are patched and currently supported. If you have Windows 7 or Windows Server 2008 operating systems in use, be sure they are replaced no later than January 14, 2020.
- Educate employees to never open attachments or click links unless they have personally verified their authenticity by voice.
- Implement multi-factor authentication for access to any corporate systems.
- Be sure your anti-virus is installed, running and up to date.
- Monitor for unusual activity on your network from unknown IP addresses or foreign nations.
- Encrypt information wherever and whenever possible.
If you think you may be the victim of a cyber-attack, contact your local FBI field office, which can be located at https://www.fbi.gov/contact-us/field-offices. This is a legitimate link, but feel free to type the URL into your browser to be absolutely certain.