Tag Archive for: Transit

GO Transit website taken offline ‘out of abundance of caution’ due to cyber threat

/in


GO Transit’s website has been taken offline “out of an abundance of caution” due to an ongoing cyber threat that is impacting web services worldwide.

On Friday evening, transportation agency Metrolinx says it was informed by the federal government about a cyber vulnerability regarding web-based services around the globe.

“As an organization, we immediately took proactive steps and began methodically searching our systems to ensure our customers and services are secure and protected,” a statement from Metrolinx read on Friday.

“Out of an abundance of caution, we have decided to proactively take down the GO Transit website until we learn more about this vulnerability.”

Metrolinx says it does not believe any of its websites or assets were exploited or compromised.

The agency says all customer, personal, and financial data systems (including PRESTO) are secure and the safety of the transit network “remains intact.”

“We have strong protections, testing, and monitoring in place – which is why we’re taking the proactive and precautionary step. We are continuing to monitor this incident,” the statement read.

Customers can still plan their GO trips using Triplinx and buy e-tickets at: tickets.gotransit.com.

Customers can also call GO Transit’s customer contact centre for more information and are encouraged to follow GO Transit on Twitter and to check their emails for On-The-GO-Alerts.

On Friday, the Canada Revenue Agency (CRA) also proactively took its systems offline due to the security vulnerability.

“There is currently no indication that CRA systems have been compromised, or that there has been any unauthorized access to taxpayer information because of this vulnerability,” the CRA tweeted Friday night.

Experts say the bug might be the worst computer vulnerability discovered in years.

The vulnerability…

Source…

Toronto Transit Commission still recovering from ransomware attack

/in


IT staff at the Toronto Transit Commission (TTC) were still dealing with the effects of a ransomware attack on Saturday afternoon, approximately 40 hours after suspicious network activity was detected.

Asked if the TTC has determined how the attack started, and identified the strain of ransomware involved, Shabnum Durrani, head of corporate communications said, “We are still looking into the situation.”

She stressed that the impact on the bus and subway service of the nation’s biggest transit system so far has been minimal, although its Vision communications system used to communicate with drivers, has been knocked offline. Operators have been forced to communicate with Transit Control with radios.

In addition, those needing to use the Wheel Trans van service for transit can’t book online. Instead they have to phone to reserve pickup.

Also offline is the TTC ‘next vehicle’ information service, which displays when the next bus or subway train will arrive on platforms and on trip planning apps.

The TTC’s internal email service is also offline. Durrani couldn’t say if the attackers were able to copy emails of employees, nor could she said if any corporate data was copied. These issues are still being investigated, she said.

Durrani also wouldn’t say if the TTC has been in contact with the attackers. “I cannot comment on that at this time,” she said.

When asked if the TTC has brought in more IT resources to help investigate and restore service, she said the commission is working with other partners, and on the question of whether the Ontario government has been asked for help, she responded that “all levels of government are aware of the situation. We are working with the Toronto Police.”

She added, “The TTC has business continuity plans in place, but as you know, cyber attacks are evolving very quickly.”

Not the first attack on a transit system

A number of transit systems have been impacted by ransomware in recent years, noted Brett Callow, a British Columbia-based threat analyst for Emsisoft. These include British Columbia’s TransLink which was hit with a $7.5 demand late last year.

In 2016 San Francisco’s transit system was hit by ransomware,…

Source…

Security Experts Warn of Apple Pay Express Transit Hack That Enables Large Unauthorized Visa Payments From Locked iPhones

/in


Researchers in the U.K. have demonstrated how large unauthorized contactless payments can be made on locked iPhones by exploiting Apple Pay’s Express Transit feature when set up with Visa.

apple pay express transit london
Express Transit is an ‌Apple Pay‌ feature that allows for tap-and-go payment at ticket barriers, eliminating the need to authenticate with Face ID, Touch ID, or a passcode. The device does not need to be wakened or unlocked to use Express Transit.

Computer Science researchers from Birmingham and Surrey Universities demonstrated to the BBC how the attack works by exploiting a weakness in the Visa contactless system through the use of a small piece of commercially available radio equipment, which is placed near the phone and masquerades as a ticket barrier.

An Android phone running an app developed by the researchers is used to relay signals from the iPhone to a contactless payment terminal and modifies the communications to fool the terminal into acting as if the ‌iPhone‌ has been unlocked and a payment authorized.

In demonstrating the attack, researchers made a contactless Visa payment of £1,000 from a locked ‌iPhone‌. The scientists only took money from their own accounts. The researchers said the Android phone and payment terminal used don’t need to be near the victim’s ‌iPhone‌ as long as there’s an internet connection.

Apple told the BBC the matter was an issue with the Visa system.

“We take any threat to users’ security very seriously,” said Apple. “This is a concern with a Visa system but Visa does not believe this kind of fraud is likely to take place in the real world given the multiple layers of security in place. In the unlikely event that an unauthorized payment does occur, Visa has made it clear that their cardholders are protected by Visa’s zero liability policy.”

The researchers said the attack might be easiest to deploy against a stolen ‌iPhone‌, although there’s no evidence that the hack has been used in the wild. Visa said payments were secure and attacks of this type were impractical outside of a lab.

“Visa cards connected to Apple Pay Express Transit are secure, and cardholders should continue to use them with confidence,” said a Visa spokesperson….

Source…

Some transit workers tighten belts after payroll hit by ransomware

/in


One consequence of the workaround is that overtime isn’t being paid out right now. But employees can request $500 bumps in their advance pay to account for expected shortfalls.

“Is it going to be 100 per cent accurate? No. But they’re giving us assurance that they’re willing to help out anybody who requests (it),” Mann said.

Asked whether he believed TransLink was prepared for the kind of attack it suffered, Mann said he did. He guessed it could still be a few weeks before the payroll system was back online.

Dominic Vogel, a cybersecurity expert and founder and chief strategist of Vancouver-based firm CyberSC, said it isn’t necessarily a poor reflection of a company’s technical capabilities when it’s hit by asuccessful ransomware attack. And hesaid it can be a very, very substantial task for a company and its IT team to repair the damage done in an attack.

“I guarantee they have been working tirelessly, even throughout the holidays to try and recover this,” he said.

Earlier this month in a news release, TransLink CEO Kevin Desmond confirmed the transit authority had been attacked.

“Upon detection, we took immediate steps to isolate and shut down key IT assets and systems in order to contain the threat and reduce the impact on our operations and infrastructure,” he said.

Desmond said TransLink planned to do a “comprehensive forensic investigation” to find out how the ransomware attack happened and what information might have been accessed. But he said TransLink uses a third-party payment processor for fare transactions and it doesn’t store fare payment data.

Source…