Tag Archive for: Port

Lockbit 3.0 Claims Credit for Ransomware Attack on Japanese Port


After a ransomware attack shuttered operations at container terminals at the Port of Nagoya in Japan, the Lockbit 3.0 ransomware gang claimed responsibility and demanded the port pay up.

The port, which is responsible for 10% of the country’s cargo trade and is used by companies like Toyota Motor Corporation, was attacked on July 4, 2023, forcing the suspension of all container trailer operations, according to a notice from the Nagoya Harbor port authority.

The port authority said at the time it was working tirelessly to get the Nagoya Port Unified Terminal System (NUTS) back up and restart operations quickly. While authorities did not name the perpetrator of the attack, Lockbit 3.0 eventually claimed credit.

“This incident at the Port of Nagoya highlights the serious vulnerabilities that critical infrastructure faces in the digital age,” said Craig Jones, vice president of security operations at Ontinue.

“Ransomware attacks are a growing concern for both private corporations and public entities, and this case underscores the potential for significant disruption to essential services and supply chains,” said Jones. “It’s clear that such attacks not only pose security risks but also can have considerable economic impacts.”

He added that since “the Port of Nagoya is Japan’s busiest port, handling approximately one-tenth of the country’s total trade volume, the effects of this disruption are likely to be far-reaching and could possibly ripple through the global economy.”

It could also have resounding and profound effects on a supply chain already marked by unprecedented disruption. “The impact may be especially significant considering the current global supply chain issues already exacerbated by the COVID-19 pandemic,” Jones said.

The security community is well-acquainted with Lockbit 3.0, the pro-Russian cybercriminal gang that said it was behind the attack on the port. “Lockbit 3.0, also known as Lockbit Black, represents a new era of ransomware sophistication. The Cybersecurity and Infrastructure Security Agency (CISA) previously warned about its modular and evasive nature, drawing similarities with other notorious ransomware variants such as…


Hackers steal $420K from Port of Louisiana; the Mississippi River port is beefing up security


The Louisiana state agency overseeing one of America’s largest ports by volume suffered a cyber-attack last year that cost it more than $420,000, a newly public audit has found.

Auditors for the Port of South Louisiana said the cyber-attack led to the money being misappropriated. Port officials have been able to recoup about $250,000 through insurance and are filing paperwork to seek more reimbursement.

The agency has a budget of about $15 million a year.

A new annual audit, which covered the fiscal year ending on April 30, 2022, disclosed the theft but offered few details about what the hack was, when it happened or if any arrests had been made.

But port officials’ response to the auditors offered some clue.

Officials told auditors that they were training employees to protect against future attacks and have started “a third-party verification process” for vendors seeking payment that includes “verifying information through a phone call with a representative of the requesting vendor.”

Micah Cormier, spokesman for the port, said Wednesday the port would not offer more details “because making that information public will make the port vulnerable to another attack.”

The port hired Evalv IQ, a firm with expertise in cybersecurity. The company has completed “a cyber audit” that did not turn up “an active or live breach within 2022,” Cormier said.

“There were minor network vulnerabilities that have been corrected,” he said.

Separately, in September, port officials also announced they have received a nearly $1 million grant from the Federal Emergency Management Agency to improve the state agency’s cybersecurity and other security measures.

The grant award wasn’t directly related to the cyber-attack, Cormier said, but reflected a broader decision to respond seriously to rising security risks.

“This is becoming a bigger threat across the country and the world. This is just for simply locking down our vulnerabilities and hardening our infrastructure here, so we can make it better and prevent it from happening,” he said. 

The FEMA dollars are expected to beef up not only cyber security technologies and monitoring but also geographical software systems.

With the…


QNAP urges customers to disable UPnP port forwarding on routers


Taiwanese hardware vendor QNAP urged customers on Monday to disable Universal Plug and Play (UPnP) port forwarding on their routers to prevent exposing their network-attached storage (NAS) devices to attacks from the Internet.

UPnP is a set of insecure network protocols with no encryption or authentication that comes with support for peer-to-peer communications between devices.

It also allows them to dynamically join and leave networks, obtain IP addresses, advertise their capabilities, and learn about other UPnP devices on the network and their capabilities.

UPnP Port Forwarding allows network devices to communicate seamlessly and create groups for easier data sharing.

“Hackers can abuse UPnP to attack through malicious files to infect your system and gain control. Despite its convenience, UPnP may expose your device to public networks and malicious attacks,” QNAP said today.

“It is recommended that your QNAP NAS stay behind your router and firewall without a public IP address. You should disable manual port forwarding and UPnP auto port forwarding for QNAP NAS in your router configuration.”

As options for those who need access to NAS devices without direct access to the Internet, QNAP recommends enabling the router’s VPN feature (if available), the myQNAPcloud Link service, and the VPN server on QNAP devices provided by the QVPN Service app or the QuWAN SD-WAN solution.

Internet-exposed NAS devices at risk

QNAP also warned customers in January to secure their NAS devices immediately from active ransomware and brute-force attacks.

The company asked users to check if their NAS is accessible over the Internet and take the following measures to defend them from incoming compromise attempts:

  • Disable the Port Forwarding function of the router: Go to the management interface of your router, check the Virtual Server, NAT, or Port Forwarding settings, and disable the port forwarding setting of NAS management service port (port 8080 and 433 by default).
  • Disable the UPnP function of the QNAP NAS: Go to myQNAPcloud on the QTS menu, click the “Auto Router Configuration,” and unselect “Enable UPnP Port forwarding.”

QNAP also provides step-by-step instructions on disabling SSH and Telnet…


Hackers breached computer network at key US port but did not disrupt operations


Originally Published: 23 SEP 21 17:26 ET

Updated: 23 SEP 21 18:35 ET

By Sean Lyngaas, CNN

(CNN) — Suspected foreign government-backed hackers last month breached a computer network at one of the largest ports on the US Gulf Coast, but early detection of the incident meant the intruders weren’t in a position to disrupt shipping operations, according to a Coast Guard analysis of the incident obtained by CNN and a public statement from a senior US cybersecurity official.

The incident at the Port of Houston is an example of the interest that foreign spies have in surveilling key US maritime ports, and it comes as US officials are trying to fortify critical infrastructure from such intrusions.

“If the compromise had not been detected, the attacker would have had unrestricted remote access to the [IT] network” by using stolen log-in credentials, reads the US Coast Guard Cyber Command’s analysis of the report, which is unclassified and marked “For Official Use Only.” “With this unrestricted access, the attacker would have had numerous options to deliver further effects that could impact port operations.”

The Port of Houston is a 25-mile-long complex through which 247 million tons of cargo move each year, according to its website.

It’s unclear who was behind the breach, which appears to be part of a broader espionage campaign. When asked about the incident at a Senate hearing on Thursday, US Cybersecurity and Infrastructure Security Agency Director Jen Easterly said she believed a foreign government-backed hacking group was responsible.

Attribution of cyberattacks “can always be complicated,” Easterly told the Senate Homeland Security and Governmental Affairs Committee. “At this point in time, I would have to get back with my colleagues, but I do think it is a nation-state actor.”

“The campaign thus far is limited, but we’re continuing to work through it and I’m happy to keep you apprised,” she told lawmakers.

The Coast Guard’s analysis did not mention a foreign government or the Port of Houston, but Easterly…
