TORONTO – Cyber criminals appear to be increasing their attacks on the transportation sector, with one of the latest ransomware scams targeting TFI’s Canadian courier divisions.
“Canpar Express was the target of a ransomware attack that impacted some of our systems,” the courier confirmed last week through a message on its website. “We continue to meet most customer shipping needs, and we are not aware of any misuse of client information.”
DoppelPaymer, a known source of ransomware-related malware, appears to be at the root of the attack that leaked a handful of documents along with a threat to release more material.
TFI is not commenting further on this particular attack, but isn’t alone when it comes to threats from increasingly aggressive cyber criminals.
“Transportation is now statistically one of the most vulnerable sectors,” says Katherine Kolnhofer, a partner in the Bell Temple law firm.
Mimecast, an IT security company, identified 3.4 million opportunistic attacks on the transportation industry during 2019, compared to the manufacturing sector that placed a distant second with 2.5 million attacks.
To compound matters, transportation businesses are not keeping pace with technologies to minimize the threats, she said.
Weak cybersecurity practices
“The reason for this is likely cost, but also lack of awareness,” she added during a Wednesday webinar on managing cyber risks. “Overall, the transportation sector needs to improve its cybersecurity practices.”
The cost of falling victim to such an attack can be massive. Maersk lost $300 million in revenue after a June 2017 attack by NotPetya forced the global shipping company to pause its entire operation.
The attacks are not limited to big corporations alone, stressed Shelley Ma, director of digital forensics and incident response at Toronto-based Arete Incident Response. Any business connected to the internet is at risk.
And where criminals once took a “spray and play” approach in the search for any victims, they’re increasingly targeting their activities.
“We’ve seen a surge in aggressive ransomware destruction,” she said, referring to the crime that involves locking victims out of accounts and files unless a ransom is paid.
More trucking vulnerabilities
The growing volume of attacks also comes as fleets are increasingly shifting to digital tools such as GPS tracking and AI-enabled intelligent transportation systems. Each connection introduces a potential vulnerability.
Last month, the FBI warned trucking companies that cyber criminals could even exploit vulnerabilities in electronic logging devices (ELDs).
“ELDs with more advanced telematics functions and a connection to functions such as shipment tracking or dispatching can allow a cyber actor who gains access to an insecure ELD to move laterally into the larger company business network,” it said. That would open the door to accessing financial records or other proprietary data, or opportunities to install malware.
“There’s a wide range of data that’s flowing across the systems,” Kolnhofer said during the webinar, referring to details that range from truck locations to driver IDs.
To compound matters, there has been a push for more paperless transactions in the wake of Covid-19.
The pandemic has led to a “tectonic” shift in the transportation sector, said Kim E. Stoll, a partner in the Fernandes Hearn law firm. This has included the rollout of contact tracing efforts to reach those who may have been exposed to the coronavirus, geofencing to direct trucks to specific dock doors to support physical distancing, and the increasing use of electronic signatures.
Shippers will also demand greater end-to-end visibility in supply chains that proved to be vulnerable during Covid-19, she added.
“In all modes, we need to be getting into the technological aspect… There is no return to normal.”
The nature of attacks can vary. Phishing attacks, for example, probe for the details that can be used to tap into different networks. Websites can grind to a halt in the face of denial-of-service attacks that overwhelm connections. Remote Desktop Services (RDP) attacks exploit a Windows protocol that allows people to access a computer from afar, letting criminals snoop about to see if there’s anything worth taking.
Each attack comes at a cost. The yearly average loss from a single cyber incident in the transportation industry is now valued at around $1 million, Kolnhofer said.
“Even being down operationally for a few days can have devastating effects,” she said, referring to added costs such as the need to pay overtime to make up for delays.
To compound matters, the ransomware attacks that were once limited to Windows operating systems are now extending onto Linux platforms used by operational systems, Ma said.
Kolnhofer recommended investing in cyber insurance, and frequently testing for vulnerabilities. Everyone from the C-Suite on down needs to be educated, she added, also referring to the need to partner and communicate with cybersecurity and legal experts to develop an Incident Response Plan. Due diligence when selecting vendors for tools like ELDs will make a difference as well.
A key tool for protecting against such threats is the use of multi-factor authentication, even though it is sometimes bypassed in the name of efficiency, Ma said. But there is a price to pay for such shortcuts.
“It’s basically like having your front door wide open.”