Tag Archive for: learned

6 lessons learned about cybersecurity and freight in 2021


It was yet another rough year for cybersecurity and freight. The main reason: ransomware attacks, in which criminals encrypt data and demand payment, sometimes in the millions of dollars, in exchange for unlocking it. Even though the U.S. government has been taking an increasingly aggressive approach to fighting ransomware, the attacks have continued. They hit companies across the supply chain, including trucking, logistics, freight factoring, freight forwarding — and even fuel bunkering. Here’s what we learned along the way.

1. Big carriers are still in the crosshairs: The cyberattack on Wisconsin-based Marten Transport in October showed yet again that major carriers continue to be vulnerable. Marten never officially described the incident as a ransomware attack. But the company’s description of it in an SEC filing and the appearance of stolen data on a ransomware gang’s leak site suggest one may have occurred. Sources told FreightWaves that the attack brought down the company’s operations system — something Marten disputes. Regardless of what befell Marten, the incident marked the single largest publicly known cyberattack on a major carrier in 2021.

Ransomware attacks can cripple operations at trucking and logistics companies by encrypting the data of vital systems. Increasingly, hackers are stealing data, too. (Emily Ricks/FreightWaves)

2. Ransomware remains the No. 1 threat, regardless of how small you are: Ransomware attacks remain the single biggest cyber threat to transportation and logistics companies. While high-profile incidents like the attacks on Colonial Pipeline and JBS Foods grabbed headlines and the attention of the U.S. government, hackers go after companies of all sizes. In February, the manager of a small carrier with 25 trucks shared his harrowing experience of an attack. The hackers also accessed the carrier’s transportation management system, sending screenshots of it — showing the potential for sabotaging trucking operations. “It was very alarming,” the manager said. “They could have cost that side of the business altogether. It’s scary to think about that.” That level of access isn’t unusual in successful…


New York Department Of Financial Services Questions Its Regulated Entities On Responses To And Lessons Learned From The SolarWinds Cyberattack – Technology


In December 2020, a cybersecurity company alerted the world to a
major cyberattack against the U.S. software development company,
SolarWinds, through the company’s Orion software product
(“SolarWinds Attack”). The SolarWinds Attack went
undetected for months, as it has been reported that the hackers
accessed the source code for Orion as early as March
2020.[1] Orion is widely used by companies to manage
information technology resources, and according to SolarWinds’ Form
8-K filed with the Securities and Exchange Commission, SolarWinds
had 33,000 customers that were using Orion as of December 14,
2020.

It is alleged that the SolarWinds Attack was one part of a
widespread, sophisticated cyber espionage campaign by Russian
Foreign Intelligence Service actors which focused on stealing
sensitive information held by U.S. government agencies and
companies that use Orion.[2] The hack was perpetrated
through SolarWinds sending its customers routine system software
updates.[3] SolarWinds unknowingly sent out software
updates to its customers that included the hacked code that allowed
the hackers to have access to customers’ information technology
and install malware that helped them to spy on SolarWinds’
customers, including private companies and government entities,
thereby exposing up to 18,000 of its customers to the
cyberattack.

The New York Department of Financial Services (“DFS”)
alerted DFS-regulated entities of the SolarWinds Attack on December
18, 2020 through the “Supply Chain Compromise
Alert.”[4] The Supply Chain Compromise Alert included
guidance from the U.S. Department of Homeland Security’s
Cybersecurity and Infrastructure Security Agency, SolarWinds, and
other sources, and reminded the regulated entities of their
obligations under the New York Cybersecurity Regulation
(“Cybersecurity Regulation”), adopted in 2017, which
requires DFS-regulated entities, including New York banks,
insurance companies and producers and other financial services
firms, to develop a comprehensive cybersecurity program, implement
specific cybersecurity controls, assess cybersecurity risks posed
by third-party service providers, and notify the DFS of
“cybersecurity…


Colonial CEO Defends Hack Response and Offers Lessons Learned


(Bloomberg) — The chief executive officer of the pipeline company hit by a ransomware attack last month apologized to a U.S. Senate panel for the incident that paralyzed the East Coast’s flow of gasoline, diesel and jet fuel, while defending his company’s response and offering tips for future hacking victims.

“We are deeply sorry for the impact that this attack had, but are also heartened by the resilience of our country and of our company,” Colonial Pipeline Co. CEO Joseph Blount Jr. said at Tuesday’s hearing.

Blount’s appearance before the Senate Homeland Security and Governmental Affairs Committee comes as Congress readies its response to the hack, which affected 45% of the East Coast’s fuel supply, driving up gasoline prices and sparking shortages at filling stations after the company shut the roughly 5,500-mile pipeline on May 7.

The senators’ questions for Blount were direct but relatively gentle. Blount was contrite — and sometimes vague — on some details about the company’s cybersecurity protections. When asked about Colonial’s cybersecurity budget, for instance, he said they had spent $200 million on information technology over five years without specifying how much went to defending against hacks.

Blount said responding quickly to contain the threat and swiftly communicating with the government were among the most important lessons he learned from the incident.

The hackers, who the FBI said have been linked to a group known as DarkSide operating in Russia, were able to breach the company’s computer system April 29 using a virtual private network — or VPN — account, an encrypted internet connection that allowed employees to remotely access the company’s computer network. Blount testified that the VPN account only had single-factor authentication.

The “legacy” network “was not intended to be in use,” said Blount, who took over as Colonial CEO in 2017. He added that the company is still trying to determine how the hackers gained the needed credentials to exploit it.

Senator Rob Portman, a Republican from Ohio and the ranking member on the committee, called out this failure. “Mr. Blount you’re a victim, and we understand that,”…


Lessons Learned from the Vaccine Supply Chain Attack | Supply Chain Risk Management


Like legitimate businesses, threat actors develop strategies and tactics to achieve their goals by taking advantage of security vulnerabilities. Before the December 2020 attack, confirmed by Pfizer, BioNTech and the European Medicines Agency, the hackers did reconnaissance in order to launch a spear-phishing email campaign. As attackers “try, try and try again” to get their hands on sensitive data, organizations must pay attention to cybersecurity basics to improve supply chain protection.

According to , office document phishing skyrocketed during the second half of Q3. Whether in a sensitive situation, like an election, or during ‘business as usual’, a lack of employee cybersecurity awareness offers a path of least resistance for attackers to infiltrate an organization through methods involving phone, text or email. Spear phishing, the highly targeted form of phishing, uses familiar names, words, phrases and calls to action, because a recipient is then more likely to trust the source.

A click on a malicious email usually does one of two things. It injects something, likely a botnet, into the environment, or it downloads ransomware. A botnet gives hackers control over the computer, so attackers can monitor the environment and gather intelligence in a “slow as you go” way, homing in on the right person and computer for ransomware purposes.

From a cybersecurity perspective, phishing attacks are an insider threat risk. If personnel are unaware of cyber-hygiene, they’re unaware of the threat they pose. 

Impacts on Vaccine Development and Distribution

Successful attacks on supply chains disrupt critical infrastructure by redirecting information and modifying logistics. Attackers wage ransomware attacks against institutions that have the financial resources to pay ransoms.

breaches are financially motivated. A single successful intervention through an executive, researcher, scientist, manufacturing line worker, vendor employee or clinic/hospital worker can unintentionally provide a big payday for attackers. As more companies race to mass-produce and distribute vaccines, more opportunities arise for assailants to cash in.

A breach can influence vaccine viability…
