The Covid pandemic add numerous concerns with the shipment of cargo in many countries. Part of these “concerns” are the drastic increase of ransomware into the IT and OT (operating technology) systems of the transportation sector. Transportation Topics published a recent article regarding the growing transportation targeted ransomware threat. The authors report that ransomware attacks have jumped 715% year-over-year.
United States Tennessee state-based trucking and logistics company Forward Air recently admitted it was hit with ransomware. The transportation firm was allegedly targeted by the Hades ransomware gang. Hades ransomware group is a new threat group, and at this time experts are unable to analyze their tactics and techniques used in recent attack. Some believe Hades ransom note is very much like ones the REvil ransomware group have used in the past. Forward Air was forced to pivot to manual paper processing in the middle of their 2020 holiday shipment surge, disrupting its business operations, delaying customer shipments and theoretically impacting revenue.
This Forward Air incident is just one of numerous examples in the rise of ransomware through in the age of ‘The 2020 Pandemic.’ Even though the traditional Christmas shipping holiday season has ended, the actual shopping season continues with numerous after holiday sales, eastern Christian religion Christmas holiday and soon to be sales opportunities in January 2021. The shipping demand has not really subsided. That is likely a ‘Green Light’ for cybercriminals to maintain and even escalate ransomware cyber hacks into 2021.
Protecting against the ransomware threat: The most important fact in cyber security is to fully understand that network security tactics and procedures cannot prevent all ransomware attacks. Therefore, ransomware attacks are spiking. The human threat element will never be eliminated. Employing and aggressive strategy to protecting your critical systems, applications and data is critical. That means investing not just in your internal data security, utilizing a proactive external collection and analysis program, end-user training, daily data backup and disaster recovery, as well.
Here are some suggested questions your company needs to find answers:
- Have your prime cybercrime targets, many times your business leaders – but operatoers too - received ransomware training, and are they regularly communicating the importance of vigilance across the company?
- Are you regularly conducting ransomware awareness training sessions and phishing simulation testing our team? (Wizer Training is a good option)
- Are you immediately updating software and implementing security patches?
- Do you restrict access to systems and data to only those who absolutely need it?
- Has the company IT team or managed service provider implemented a 3-2-1 backup strategy? (Maintaining three copies of data on two different types of media, one of which is stored offsite for disaster recovery?)
- Does your company have a ransomware crisis plan in place — and did its planning extend beyond your IT team to also include cross-department leadership, including customer service and communications? This is very important and needed to get all employees into a solid cyber security posture.
- Does our IT team regularly test the recoverability of your systems, applications and data?
- Do you perform tabletop exercises (TTX) to ensure you are prepared, and do you ensure you have identified any unknown vulnerabilities?
- Has your company thought of utilizing a proactive approach to protecting you network, BEFORE an attack takes place?
Cyber criminals and state sponsored black hat hackers (APT) have grown very advanced and are leveraging various social engineering tactics and skillfully spoof trusted businesses. Their trade craft makes “urgent” looking emails and web offers received by company employees - nearly irresistible. So, what to do?
- Remain vigilant and look at all emails suspiciously for unsolicited requests for personal data — whether received by call, text or email.
- Verify data requests by placing a direct call to the business using the contact information on its website. Never use contact information provided in the message you received, which will take time and a bit more vigilance.
- Never click links or download files from sources you do not know and trust.
- Never share personal or financial data via email — or click links that request this type information.
- Confirm the website being visited is secure before you share sensitive data. (look for the closed padlock icon and the HTTPS security protocol)
- Look closely at email addresses and URLs for the slight spelling or punctuation changes that signal a source has been spoofed (e.g., firstname.lastname@example.org vs email@example.com)
- Be watchful of generic email greetings from people you know. (if something looks suspicious – it probably is)
- Any data and financial requests from colleagues and friends who would not normally ask for sensitive personal/company data, should be looked at with a jaundice eye. (like the CEO or an executive-level partner you have never met.)
- Never use a flash drive that is not your own or from a trusted source.
Ransomware is the classic example of: “Proactive prevention - being worth a pound of cure.” Compared with recent ransomware monetary demands, taking active measures in cyber security is well worth the time, effort and cost. Ransomware is hitting all critical infrastructure and key resources (CI/KR) sector businesses, to include the Transportation Sector. Internal and external protection, data backups and recovery strategies and continuous cyber security training is not a 100% panacea for total protection but will place you in a much safer cyber security posture.
Red Sky Alliance has been has analyzing and documenting cyber threats and vulnerabilities for over 9 years and maintains a resource library of malware and cyber actor reports. Specifically, our analysts are currently collecting and analyzing the supply chains inside the transportation sector. For many years we have believed the supply chain is the Achilles Heel to the over-all transportation cyber network. Our RedXray tool (see Threat Type charts) can provide transportation companies the needed tool to gather proactive external indicators of compromise – which can be used to blacklist suspicious data.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or firstname.lastname@example.org
Weekly Cyber Intelligence Briefings: https://attendee.gotowebinar.com/register/8782169210544615949
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941