We are only 10 days into 2023 and already a ransomware attacks continue to escalate. San Francisco’s Bay Area Rapid Transit (BART) is investigating an alleged ransomware attack after the Vice Society ransomware gang claimed to have attacked the agency. BART which is the fifth-busiest heavy rail rapid transit system in the US, was listed on the group’s leak site on Friday. The chief communications officer for BART, reported that they are investigating the data that was stolen and posted by the group. “To be clear, no BART services or internal business systems have been impacted,” she said. “As with other government agencies, we are taking all necessary precautions to respond.” Whenever I hear the saying, “to be clear,” is always a defensive statement that something is possibly worse that what is being presented.[1]
Vice Society has listed Bay Area Rapid Transit #BART #Ransomware pic.twitter.com/Wn58CBSdtM — Brett Callow (@BrettCallow) 6 January 2023
The rail industry has seen its fair share of cyberattacks in recent years. In April 2021, New York City’s Metropolitan Transportation Authority, one of the largest transportation systems in the world, was hacked by a group based in China.
While the attack did not cause any damage and no riders were put at risk, city officials raised alarms in a report because the attackers could have reached critical systems and may have left backdoors inside its networks. The same month, the Santa Clarita Valley Transportation Authority was hit with a ransomware attack. In 2020, the Southeastern Pennsylvania Transportation Authority also experienced a ransomware attack.
Just last week, one of the world’s largest rail and locomotive companies announced a data breach that involved troves of employee information following an alleged ransomware attack last summer. Wabtec, which has about 25,000 employees and operates in 50 countries, began sending out breach notification letters on 30 December 2022 letting people know that data was stolen from their systems during a cyberattack they discovered last June.[2]
The US Homeland Security Secretary announced new cybersecurity regulations last year for US railroad operators, requiring them to disclose any hacks, create cyberattack recovery programs and name a chief cyber official. Those regulations expired in December 2022.
The Vice Society ransomware gang has drawn international headlines with attacks on colleges and K-12 schools, including the second largest public school district in the US and several in the UK.
The FBI, DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and other agencies noted in an alert in September 2022 that Vice Society has “disproportionately” attacked dozens of educational institutions over the last year and stepped up its level of attacks in the fall of 2022.
But the group also “continues to focus on organizations where there are weaker security controls and a higher likelihood of compromise and ransom payout,” according to a Microsoft report released in October.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://therecord.media/san-francisco-bart-investigating-ransomware-attack/
[2] https://therecord.media/billion-dollar-rail-firm-confirms-data-breach-after-suspected-ransomware-attack/
Comments