As the transportation sector grows increasingly connected to the internet, it becomes more susceptible to cyberattacks. Failing to protect the industry can cause significant damage to companies and disrupt our daily lives.
Threat actors continually develop new means to attack critical infrastructure – from healthcare facilities to power utilities – to make a financial gain, exfiltrate information, or cause chaos.
The transportation sector is similar to other critical infrastructure sectors regarding its importance to people's daily lives, like water, power, and telecommunications. People need to move from one place to another; they also need to buy goods and get their cars filled with fuel. The transportation sector provides all these services and more, and failing to protect it from cyberattacks will profoundly impact all other business sectors.
Attackers driven by the thirst for money and chaos
The motivations for cyberattacks against the transportation sector can vary. We can recognize the following causes:
Financial gain. The NotPetya ransomware attack against the giant logistics company Maersk in 2017 cost the company more than $300 million in business-interruption losses.
Information theft. Threat actors exfiltrate information about customers, business partners, and others. Ransomware operators now threaten to publish a company's compromised data on data leak websites if it refuses to pay the ransom. This recently happened to the German global logistics giant Hellmann, which fell victim to a ransomware attack last December.
Disruption. Malicious actors target organizations to cause chaos and widespread disruption in the target country or state. The motivation here could be a direct attack by a foreign state to advance its agenda, or an attack by terror organizations that aim to cause extensive damage and harm to a large number of citizens for ideological and political gains.
The work of transportation and logistics companies spans the aviation, maritime, and trucking sectors. Their dependence on digital technologies to facilitate this work has expanded their attack surfaces and made them more vulnerable to cyber threats.
Aviation industry hit hard
Cyberattacks against airline companies can take different forms and are not limited to the airplane operator. Many parties are involved in providing air travel services, and all of them are susceptible to cyberattacks: airlines, airports, technology vendors, and the contractors and subcontractors responsible for providing ground services.
The primary motivation behind attacking airline companies is stealing travelers' personal and financial information. The stolen data can be used to commit fraud or sold to interested parties on darknet marketplaces. The aviation industry is prosperous and very time-sensitive, and it depends on a series of interconnected services to function properly. These facts make attackers more willing to target this sector, especially with ransomware, because any service interruption has a high impact. The affected company is likely to pay the ransom quickly to restore normal operations and avoid the considerable losses caused by the interruption.
The cyberattack against the low-cost British airline company EasyJet is a prominent example of the severe consequences of cyberattacks on airline companies. In 2020, the company was hit by a cyberattack that compromised the personal and financial information of 9 million of its customers. The impacted travelers raised more than 10,000 lawsuits from 50 countries worldwide; this attack caused the company to lose 45% of its share value.
Attacks against maritime disrupt supply chains
The maritime sector includes vessels, shipbuilders, ports, ground services, technology providers, and all other vendors in the supply chain. All these parties utilize digital technologies to facilitate their work and interact with each other. Attacking maritime transportation will heavily impact the global supply chain of goods.
Maritime transportation is critical not only for moving goods: most of the world's petroleum and other liquid energy supplies are carried by sea. Disrupting the movement of energy supplies through maritime trade would have disastrous consequences for the global economy because it would impact all other sectors.
The increased adoption of digital technologies across all industries has encouraged shipping companies to follow suit and explore how they can benefit from automation.
Shipping companies now use a range of hardware and software technologies to improve efficiency in data analysis, the Internet of Things (IoT), and operational technology (OT).
Cyberattacks against the maritime industry are similar to those targeting other critical infrastructure. The most used attack vectors remain social engineering and ransomware. Some attacks aim to cause disruption, such as DDoS attacks against Global Positioning System (GPS) and Automatic Identification System (AIS) services. Others target shipping digital communications, route management solutions, and the Integrated Control Systems (ICS) used to monitor the complex components that make up every vessel.
Sharp increase in attacks against ground transportation
The trucking sector uses digital technologies to enhance efficiency, from autonomous vehicles, tracking solutions, cloud technologies for administrative work and running apps (SaaS and IaaS), and IoT sensors in trucks, through to route management.
Ground transportation companies generally do not take cybersecurity threats seriously because they think they are not lucrative targets for threat actors; however, this is inaccurate. According to Attrix president Anthony Mainville, ransomware attacks increased by 80% in 2020, and the annual growth of such attacks in transportation reached 186% in June 2021.
The recent attack against the Minnesota trucking and logistics company Bay & Bay, its second (the first ransomware attack occurred in 2018), shows that even prepared companies that suffered a significant cyber incident in the past can fall victim again to the same threat type, despite enhanced security tools, systems, and processes.
Common attack vectors
Like other high-profit sectors, transportation and logistics companies face many cyber threats. The following are the most common.
Phishing emails. Intruders impersonate a legitimate entity (e.g., a bank or a legitimate third-party provider) and communicate via email, SMS, phone calls, or even in person. They use different psychological tactics to convince targeted individuals to hand over sensitive information, such as login credentials. There are different types of phishing, such as spear-phishing (a targeted attack) and spear-phishing attachments (which attach malware to email messages to gain an entry point into the target IT environment via the compromised endpoint device).
Ransomware. This is the greatest threat targeting all organization types worldwide. Ransomware works by encrypting files on the target company's IT systems and demanding a ransom to remove the restriction. The profitable ransomware model has encouraged organized criminal groups to use this attack vector heavily against transportation companies.
Exploiting the remote-working model. Since the COVID-19 pandemic, companies have shifted many job roles to fully remote work. Employees' home devices are less secure than those used in the office environment and are easier for threat actors to infiltrate.
Responding to cyberattacks
Today's IT environments are complex and span on-premises and cloud infrastructure. To detect advanced cyber threats and unknown malware, installing a Network Detection and Response (NDR) solution is critical for monitoring all digital interactions across the organization's digital ecosystem.
Secure endpoint and IoT devices. Installing antivirus software and personal firewalls on all endpoint devices (workstations, laptops, tablets, and smartphones) is critical. Most IoT devices cannot be protected with these traditional tools. Your company needs a strict approach to assessing the security of every IoT device used in its environment and selecting the best tools and security controls to protect each one.
Network segmentation. Dividing a network physically through switches and routers, or virtually through VLANs, is a good security practice that prevents cyber threats from spreading to all network segments at once. It also allows the security team to apply specific security controls to each segment according to its importance and the type of data and apps it holds.
Patch management. Any device that accesses your enterprise IT environment should be appropriately patched. This includes keeping operating systems and all installed apps up to date, which prevents threat actors from exploiting known security vulnerabilities to gain a foothold in the target environment.
Backup regularly. Ensure you have a complete backup of all work data. This allows you to restore operations quickly in the event of a ransomware attack.
Cybersecurity awareness training. This is the most important protective measure against all cyber threats. Regardless of the security solutions installed, a single error by an unaware employee can result in ransomware being installed in your environment and render all your other protective measures useless.