On March 30th, Applus Technologies detected an unspecified malware incident. While stopping the attack, Applus IT staff had to take systems offline, resulting in emissions checks for eight US states becoming unavailable. Applus has notified its customers and those responsible for performing the inspections of the incident and downtime. An investigation is currently underway by Applus and “independent forensic experts” and it is not currently known when the system will become available again. Although Applus does not specify which states were affected in the notice posted to their website, BleepingComputer lists Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah and Wisconsin. Vehicle owners currently due for a check are expected to get a temporary pass for expired stickers as Applus updates law enforcement in the affected states.
Applus Technologies has not announced publicly what malware family or type of malware incident occurred. The press release also makes it clear that it is still too early in the investigation to make any claims about whether any user data was compromised. Binary Defense recommends employing a 24/7 SOC monitoring solution, such as Binary Defense’s own Security Operations Task Force to better detect any unexpected behavior and respond quickly before a minor incident grows and becomes a major service outage.