Tag Archive for: johnson

The ELD Hacking Threat: Q&A with Serjon’s Urban Johnson – Safety & Compliance



ELDs are an easy gateway for hackers to get into a fleet's IT network and do major damage, warns Serjon's Urban Johnson.  -  HDT Graphic/Serjon headshot

ELDs are an easy gateway for hackers to get into a fleet’s IT network and do major damage, warns Serjon’s Urban Johnson.

HDT Graphic/Serjon headshot


Did you know your fleet’s electronic logging devices may be vulnerable to hackers?

It’s true. Serjon, a cybersecurity firm specializing in fleet transportation security, held a press conference during the Technology & Maintenance Council annual meeting in New Orleans in early March. Urban Johnson, senior vice president, information technology and cybersecurity services for Serjon, briefed media on the threats facing fleets with compromised ELDs.

ELDs are essentially communication devices used to record and report truck driver hours of service. Due to certain technical requirements of the regulations, ELDs require the ability to “write” messages to the truck’s network to obtain information, such as engine hours. The ELD also requires internet access to report the HOS information.

This creates a truck network-to internet communication bridge that introduces significant cybersecurity concerns.

We sat down with Johnson to learn more about this new cybersecurity threat to North American fleets and what they can do to protect themselves. (This interview has been lightly edited for clarity)

HDT: Many fleets aren’t aware that ELDs can be hacked. Talk a little about how hackers can gain access to an ELD.

Johnson: Different ELD vendors use different designs to deliver the functionality required by the ELD mandate. A common design is a hardware device that connects to the vehicle’s on-board diagnostics (OBD) port and then uses a Bluetooth or Wi-Fi connection to a cellular device, such as a tablet or cellphone, to collect the ELD information and report it.

That ELD information can be attacked by hackers locally (close to the truck) or remotely across the internet.

In a recent paper presented at VehicleSec’241, the researchers were able to compromise an ELD device locally by simply connecting to the ELD Wi-Fi connection point, which had a predictable SSID [network name] and a weak default password….

Source…

Johnson Controls Ransomware Cleanup Costs Top $27M & Counting


Johnson Controls International (JCI) spent $27 million remediating a September 2023 ransomware attack on its systems — an attack that government officials warned at the time could threaten physical security.

According to a filing with the US Securities & Exchange Commission (SEC) this week, the building automation, HVAC, and fire protection giant uncovered the attack the weekend of Sept. 23, after receiving reports of system outages. It was a ransomware hit that locked up internal IT infrastructure and allowed assailants to exfiltrate company data.

The filing didn’t mention which gang JCI determined to be behind the cyberattack, but at the time researchers attributed it to Dark Angels using a custom VMware ESXi encryptor.

“The company implemented its incident management and response plan and business continuity plans, including implementing remediation measures to mitigate the impact of the incident and restore affected systems and functions,” JCI noted in the SEC filing, adding that the $27 million price tag for the effort takes into account cyber insurance payouts, and includes the cost of retaining outside cybersecurity specialists.

The filing noted that the investigation and remediation efforts remain ongoing, “including the analysis of data accessed, exfiltrated or otherwise impacted during the cybersecurity incident,” and expects to spend more on the recovery as a result.

Contrary to fears floated by the Department of Homeland Security after the attack, JCI also said that there is “no evidence of any impact to its digital products, services, and solutions including OpenBlue and Metasys,” referring to its smart-building and AI-enabled lines of business, which are often deployed in industrial settings and bring operational technology (OT) together with IT systems.

Source…

CDOT, CDPS and CSP celebrate opening of new, updated Eisenhower Johnson Memorial Tunnels Traffic Operations Center


Statewide – Coloradans have experienced its first taste of snow in October, officially marking the start of the winter driving season. This year, the Colorado Department of Transportation is adding more to its arsenal to help keep traffic moving and travelers safe, especially along the Interstate 70 Mountain Corridor, by opening a new, updated Operations Center at the Eisenhower Johnson Memorial Tunnels and maintenance garage bays.

“We are now approaching an almost $2 million hit to the economy for every hour the I-70 Mountain Corridor is closed,” said Shoshana Lew, CDOT’s Executive Director. “Not only do closures delay important deliveries and transportation of goods, it also has a real impact on the livelihood of our travelers, which cannot be summed up by a figure. It is important to CDOT to do everything we can to alleviate those impacts and ensure a quick clearance of incidents along the interstate, which is why we invested in updating our technology at the Operations Center and constructing a new maintenance facility at the Eisenhower Johnson Memorial Tunnels.”

While an Operations Center inside the Eisenhower Johnson Memorial Tunnels has already existed for decades, the technology within the Center needed to be updated to improve response times and safety. Upgrades include replacing decades-old copper wires, installing fiber optic cables, putting up new cameras and screens, all of which will increase the speed and quality of the Center’s monitors inside the new building. Quality is imperative as it helps CDOT’s Operators see if there is something in the road that needs to be cleared or get more details on an incident.

“The new cameras and monitors will allow us to zoom all the way into the roadway, up to two miles away from the tunnels, to detect even small debris such as nails,” said Lew. “This allows our crews to remove it from the roadway before it becomes a hazard to motorists. We are also able to zoom in on incidents to better document and report what is going on. We will be able to see how many passengers are in a vehicle, license plate numbers and more. This helps aid our first responders, including CDOT maintainers, as they respond to an incident…

Source…

Johnson Controls Suffers Ransomware Attack


Cybercrime
,
Fraud Management & Cybercrime
,
Incident & Breach Response

Also, New Malware Targets New Bitwarden Users

Breach Roundup: Johnson Controls Suffers Ransomware Attack
Image: Shutterstock

Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week: Johnson Controls suffers a ransomware attack, the Philippine state health insurance program struggles to recover from a ransomware and Air Canada reports a cyberattack. Also: an APT group uses the American Red Cross as bait, new malware targets would-be users of Bitwarden, and the U.S. Department of Homeland Security kicked off a conference for Latin American cybersecurity.

See Also: Live Webinar | Cyber Resilience: Recovering from a Ransomware Attack


Johnson Controls Suffers Ransomware Attack

Global smart building and security systems maker Johnson Controls faces a major cybersecurity incident, it disclosed in a regulatory filing. “The incident has caused, and is expected to continue to cause, disruption to parts of the Company’s business operations,” it told the U.S. Securities and Exchange Commission.

Bleeping Computer reports the incident appears to be a ransomware attack from a recently-formed criminal group calling itself “Dark Angels.” The group is demanding $51 million, the outlet says.

The attack affects subsidiary brands, affecting operations. Some systems are offline, and the company is working to mitigate risks. Johnson Controls subsidiaries such Simplex and Ruskin, have displayed technical outage messages on their websites. “We are…

Source…