In a parking lot in Houston on Monday, Ben Gardiner launched a physical attack on the brake controller on the back of a tanker via wireless signal from a remote antenna, rendering the rig useless.
Gardiner, a senior cybersecurity research engineer contractor at the National Motor Freight Traffic Association (NMFTA), said this is one of the few ways an attacker could wirelessly, physically hack a truck, but it has broad implications – from hacking a group of trucks to effectively shut down a city to the more common reason: money.
“If attackers can make money by ransoming people’s desktop computers, which have a fractional impact on the revenue of fleets, how much money could they make by ransoming the movement of assets,” he said.
While this type of attack is possible, it’s not as common as desktop attacks like phishing, ransomware and business compromised email, to name a few. Those types of attacks were much of the focus during the NMFTA Digital Solutions Conference on Cybersecurity held this week in Houston.
Speakers from the FBI, U.S. Secret Service, Transportation Security Administration, Cybersecurity and Infrastructure Security Agency (CISA), and various universities and companies spoke on the most common cybersecurity threats of 2023 and the prevention and reaction methods to help fleets mitigate and recover from those attacks.
The biggest of those is ransomware via phishing and social engineering attacks, said Ernesto Ballesteros, cybersecurity state coordinator at CISA. Shelly Thomas, senior vice president at insurance broker Marsh, said her company saw ransomware attacks wane a bit in 2022 but pick back up in 2023. Secret Service Agent Clarke Skoby said incidents of business compromised email (BCE) recently have been 10 times those of ransomware attacks.
BCE occurs when a bad actor compromises a legitimate business email account and uses it as a trusted business account to gather private or personal information in order to conduct a social engineering attack. It oftentimes is a precursor to ransomware attacks.
While many are familiar with phishing and ransomware attacks, BCE is lesser known. Trina Martin, a cyber intelligence analyst for the FBI, offered these prevention methods and actions to take if an attack like this occurs at your carrier.
Prevention
• Disable hyperlinks in email accounts
• Quarterly or frequent cybersecurity training/awareness
• Closely inspect domain spellings or oddities in emails received
• Closely inspect grammar, spelling and verbiage in emails
• Utilize dual authentication
• Do not send funds out on a Friday
Actions
• Immediately report loss on IC3.gov
• Contact your bank to issue a stop on all fraudulent transactions
• Contact all vendors via phone to notify them of potential infractions
• Disable any rules in affected email addresses
• Have your IT department scrub impacted computers
• Change passwords for all accounts
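The prevention item on inspecting domain spellings can be partly automated for inbound mail. The sketch below is an added example, not something presented at the conference; the trusted domains, sample headers and the distance threshold of 2 are constructed assumptions.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allow-list (assumption): domains the carrier really deals with.
TRUSTED = {"lonestar-freight.example", "gulfcoast-bank.example"}
# Digit-for-letter swaps folded away before comparing.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Fold accents and common look-alike digits to one canonical form."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    return d.translate(CONFUSABLES)

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            v = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                v = min(v, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(v)
        prev2, prev = prev, cur
    return prev[-1]

def check_sender(from_header):
    """Return (verdict, matched trusted domain) for one From: header."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if not domain:
        return ("unparseable", None)
    if domain in TRUSTED:
        return ("trusted", domain)
    for good in sorted(TRUSTED):
        if skeleton(domain) == skeleton(good):
            return ("lookalike", good)  # digit or accent swapped for a letter
        if edit_distance(domain, good) <= 2:
            return ("lookalike", good)  # typo, dropped or swapped letter
    return ("unknown", None)

# Constructed From: headers, not taken from any real incident.
SAMPLE = ["Accounts Payable <ap@lonestar-freight.example>",
          "billing@l0n3star-fr3ight.example",
          "billing@lonestar-frieght.example"]
if __name__ == "__main__":
    for header in SAMPLE:
        print(check_sender(header), header)
```

A "lookalike" verdict is a prompt to verify the sender by phone before acting on the message. Punycode (`xn--`) domains are not decoded here, so internationalized look-alikes need a separate check.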
Skoby said the majority of BCE he sees happens because many people use the same password for personal accounts as they do for business accounts. Many of the websites people use for personal use are easily hacked, he said, or those individuals are easily manipulated into clicking links, and those passwords are leaked to the dark web, which is why he said it’s important to use varying and strong passwords. Speakers at the conference also highly encouraged multi-factor authentication to prevent malicious access to accounts.
One of the biggest takeaways from the cybersecurity experts at the conference was the importance of segmentation, which can prevent further damage in the event a carrier is hacked.
“The new directives that have come out (from TSA) have been focusing on honing in on understanding your environment, increasing your segmentation so that you don't have that bleed over that if someone does compromise an email that it does not spill over into a more sensitive area that could cause a full-out disruption of your environment,” said TSA Compliance Administrator Takeda Parker-Bradford.