Transportation Vulnerabilities

The use of computers has significantly improved the transportation industry over the past few decades. Digitizing documents, automating payments, and storing information in a central location has streamlined processes and made the job easier at all levels. Unfortunately, it has also opened up the industry to cyberattacks from hackers and other forms of cybercrime. These attacks are designed to take money or information from a company or otherwise disrupt its operations. A 2021 study showed that cyberattacks against transportation companies experienced a 186% increase between June 2020 and June 2021.[1]

As the number of employees working from home has continued to grow over the past few years, these threats are expected to increase.  Many of these employees have lax security standards on their home WiFi networks that would not be present if they were in the office.  Since remote work isn't going away, all employees in a company must receive proper training to safeguard information and systems.

This guide shows the most common types of cyberattacks of which industry leaders and IT professionals should be aware and how to safeguard essential systems to prevent such an attack from achieving its desired effects.

DoS and DDoS Attacks - Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks share a primary goal, which is to prevent access to the system by overloading it with requests. The system, unable to handle the large volume, shuts itself down. According to a 2022 survey, 20% of businesses with over 50 employees in 26 different countries reported being victims of a DoS or DDoS attack in the past year.

This means that a company's maps, data, communications, and nearly every other computer server-based process or application can be rendered unavailable.  In fact, the entire system can be thrown into chaos and could cost the company thousands of dollars in spoiled products or cause an inexperienced driver to panic or make mistakes.

There are several ways to counter such an attack, but the most common is to install network monitoring software and block repeated requests from the same IP address. There are also AI solutions that can anticipate threats and dispatch them before they can pose a problem.
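The per-address blocking described above, as an added example (not code from this article or from Red Sky Alliance): it counts requests per client IP in a sliding time window over access-log lines and reports the addresses that exceed a budget. The log format, window length and request limit are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # assumed window length
MAX_REQUESTS = 20     # assumed per-IP request budget inside one window

def find_noisy_ips(log_lines, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Return {ip: timestamp at which it first exceeded `limit` requests in `window` s}.

    Expects lines of the assumed form "<epoch-seconds> <client-ip> <path>",
    already in chronological order.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) < 2 or not parts[0].isdigit():
            continue              # skip malformed lines instead of crashing
        ts, ip = int(parts[0]), parts[1]
        q = recent[ip]
        q.append(ts)
        while q and q[0] <= ts - window:
            q.popleft()           # drop requests that fell out of the window
        if len(q) > limit and ip not in flagged:
            flagged[ip] = ts      # candidate for a temporary block rule
    return flagged

# Constructed sample: one client sends 5 requests per second for 20 seconds,
# another sends 1 request every 3 seconds, plus one malformed line.
SAMPLE_LOG = sorted(
    [f"{1700000000 + i // 5} 203.0.113.7 /dispatch/map" for i in range(100)]
    + [f"{1700000000 + 3 * i} 198.51.100.20 /dispatch/map" for i in range(7)]
    + ["garbage line"]
)

if __name__ == "__main__":
    for ip, ts in find_noisy_ips(SAMPLE_LOG).items():
        print(f"{ip} exceeded {MAX_REQUESTS} requests in {WINDOW_SECONDS}s at {ts}")
```

A per-IP limit like this addresses the single-source case; traffic spread across many addresses stays under each individual budget and needs upstream filtering as well.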

MITM Attack - A "Man in the Middle" (MITM) attack involves a hacker intercepting communications between two parties and changing important information for their own gain. For example, imagine a company sends a client a message that requests they wire payment to the company's bank account.  A hacker could receive this message, replace the company's bank account with their own, and then potentially walk away with tens of thousands of dollars.

The best way to counter an MITM attack is to ensure that all communications sent are the same as those received. Cryptographic methods such as certificate-based digital signatures can be built into email software to confirm whether or not that is the case. If you don't mind an old-fashioned solution, employees can call recipients of important emails to confirm the contents haven't been altered.

Although they aren't often discussed in terms of cybersecurity countermeasures, data shows that MITM attacks make up 19% of cybersecurity threats and cost businesses over $2.4 billion every year.  Worse, only 10% of businesses are prepared for these attacks.

Phishing Attack - A phishing attack usually looks like an email from someone you know, like a client or a supplier.  However, it's actually an attempt by a hacker to get personal information, like passwords or credit card information.

The easiest way to prevent phishing attacks is by carefully double-checking the sender's email address for every piece of email received.  Hackers won't be able to perfectly duplicate the sender's address but will do their best to make it look close enough.  For example, if you're expecting an email from "IndianaJones@gmail.com" and the address line reads "1ndianaJones@gmail.com", you might not notice that the "I" has been replaced by a "1" at first glance.
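The sender check described above can be automated. The following added example (not code from this article) compares an incoming address against a list of known correspondents and flags near-misses such as the "1" for "I" swap; the confusable-character table and the one-edit rule are assumptions and are not exhaustive.

```python
import unicodedata

# Characters commonly swapped to imitate another (small assumed table).
CONFUSABLES = {"1": "l", "i": "l", "|": "l", "0": "o", "5": "s", "rn": "m", "vv": "w"}

def skeleton(address):
    """Fold an address so that common lookalike characters compare equal."""
    text = unicodedata.normalize("NFKC", address).casefold()
    for fake, real in CONFUSABLES.items():
        text = text.replace(fake, real)
    return text

def within_one_edit(a, b):
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the differing character in b, and in a too when lengths are equal.
    return a[i + (len(a) == len(b)):] == b[i + 1:]

def classify_sender(sender, known_senders):
    """Return ('trusted' | 'lookalike' | 'unknown', matched known address or None)."""
    s = sender.strip().casefold()
    known = {k.casefold(): k for k in known_senders}
    if s in known:
        return "trusted", known[s]
    for folded, original in known.items():
        if skeleton(s) == skeleton(folded) or within_one_edit(s, folded):
            return "lookalike", original   # close to a real contact, but not it
    return "unknown", None

# Known correspondent taken from the article's example.
KNOWN = ["IndianaJones@gmail.com"]

if __name__ == "__main__":
    for addr in ["IndianaJones@gmail.com", "1ndianaJones@gmail.com", "dispatch@example.net"]:
        print(addr, classify_sender(addr, KNOWN))
```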

Phishing attacks are on the rise and, in 2022, cost Americans over $40 billion, according to a report by anti-mobile spam company TrueReport.

Ransomware - Ransomware is an insidious form of attack where a hacker accesses a system and then threatens to either delete the proprietary or financial data or release it publicly or on the dark web unless the system owner pays the ransom. Paying can be tempting, but there's no guarantee that the hackers will keep their word. It also encourages future bad actors to target the company as they know they're likely to get money.

According to Zippia, ransomware attacks occur every 11 seconds around the world, increased 80% from 2021 to 2022, and cost companies over $160 billion in payouts and lost revenue due to downtime. For transportation companies, these costs can be devastating and even result in bankruptcy.

Brute Force Attack - A brute force attack is designed to try every possible combination of numbers, letters, and special characters until it finds the right password that allows the hacker to access the system.  They start with common passwords like "password" or "123456" and eventually use what's known as a "dictionary attack", where they guess every possible word.  That's why most websites require numbers and special characters, as it slows down a potential brute-force attempt.

These attacks can be slowed down by limiting the number of attempts before access is restricted for a period of time like 15 minutes or an hour. If the hacker is determined enough to resume after the account is restored, additional steps like enabling multi-factor authentication that requires a user to press a button on their mobile device or answer a phone call to verify their identity may be necessary. Brute force attacks are responsible for roughly 5% of all data breaches.

Malware - Malware is an all-encompassing term that includes any harmful software, virus, trojan horse, or other piece of computer programming code that is designed to give hackers unauthorized access. It can easily be combined with other cyberattacks, like phishing. For example, a hacker could send an email on a Friday afternoon that appears to be from a supplier asking that the transportation company download its new inventory software.

When the software doesn't work, the employee calls his contact at the supplier and states that the software won't open. The supplier is understandably confused as he never sent any emails about a new program and says his company has no plans to upgrade its software. The employee decides to tell the boss on Monday but returns to the office to find that the company's proprietary information has been stolen by hackers.

According to a 2019 report, a single malware attack costs companies an average of $2.6 million.  As the attacks have become more sophisticated and targeted in recent years, that number is likely to be much higher today.

Transportation Industry Security - If a truck does not have properly protected online systems, it can become seriously vulnerable to hackers.  These hackers can access the truck from hundreds of miles away and take over the system.  One way they can do this is by pointing an antenna at the truck, catching on to the right radio frequency signal, putting diagnostic messages on the trailer network, and causing the brakes to lock up.  This causes intense danger to the driver and everyone around him on the road.  This can be especially dangerous if the truck's cargo is hazardous.

Thankfully, there are solutions to protect transportation companies from cyberattacks.  First, maintaining proper cybersecurity procedures at all times will significantly reduce the risk of hackers being able to inflict damage.  Policies should be strictly outlined and employees at all levels, from CEO to janitor, should receive proper training and certifications on how to protect themselves and the company from cybercriminals.

For example, topics that should be covered include not giving out information over the phone to unknown parties, which can be used to guess passwords and figure out the computer system's weak points.  All passwords should be difficult to guess (i.e., no birthdays or anniversaries) and should have numbers and/or special characters to slow down hackers attempting brute-force attacks.

Another important step is making sure that all company computers and programs receive software updates as soon as possible after they become available. These software patches fix known system vulnerabilities that a hacker could otherwise exploit. Approximately one-third of all data breaches are caused by issues that should have already been patched out, according to IT professionals.

Attack Response Plans - It's important to have an attack response plan in case a threat is detected. Without one, even the most seasoned IT professional can panic, underestimate the situation, or forget a crucial step that allows the hackers to succeed.

A good attack response plan will have specific step-by-step instructions for all major types of attack, like those listed above. For example, something like, "In case of a Ransomware attack:"

  • Notify management that a ransomware attack has taken place (Depending on the company and time of day, it could be a supervisor or the CEO)
  • Do not negotiate with the hackers. Send no reply
  • Have someone bring over the offsite backups from the Data Warehouse on Elm Street and load the files onto the backup server unit
  • Change all access passwords for the server
  • Physically unplug the ransomed servers and replace them with the backup units
  • Restore service and monitor all incoming traffic for potential threats

The actual steps will vary depending on the exact situation but having a step-by-step guide is crucial to protecting company information and assets.  Even if the company uses software designed to prevent attacks, it's still vital to have a written action plan to prepare for all possible scenarios should those fail.

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com

Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5993554863383553632

[1] https://nmfta.org/most-dangerous-cyber-attacks-in-the-transportation-industry/
