Zero trust: Chaos creates cybercriminal opportunities

If there is any word to best describe the first few years of the decade, it is chaotic. And chaos is where cybercriminals flourish. While many fleets and other transportation industry organizations and businesses are more secure than last decade, there are more threats to the industry, which could impact fleets, their customers, and supply chains.

In the past year, the transportation industry was among the top 10 most targeted sectors by cybercriminals, according to a 2022 IBM Security study. While transportation was the seventh-most cyberattack-targeted industry, industries relying on trucking and other transportation services, such as manufacturing (No. 1), energy (No. 4), and retail/wholesale (No. 5), were victims of ransomware and business email compromise (BEC) attacks, according to the study.

These attacks, particularly against manufacturing, which accounted for nearly a quarter of all cyberattacks worldwide in 2021, added to the supply chain pressures created during the COVID-19 pandemic.

"Cybercriminals usually chase the money. Now with ransomware, they are chasing leverage," said Charles Henderson, head of IBM X-Force. "Businesses should recognize that vulnerabilities are holding them in a deadlock—as ransomware actors use that to their advantage. This is a non-binary challenge. The attack surface is only growing larger, so instead of operating under the assumption that every vulnerability in their environment has been patched, businesses should operate under an assumption of compromise and enhance their vulnerability management with a zero trust strategy."

Joe Russo, VP of IT and Security at Isaac Instruments, a trucking technology company, said more companies are shifting toward “zero-trust.” It’s a new security approach that assumes a breach has already happened—so it increases the difficulty for an attacker to move through a company’s network.

Transportation industry security improves

IBM’s study found that 4% of all attacks were aimed at the transportation industry, which made it the seventh-most targeted group in 2021. Transportation was No. 9 in 2020. IBM found that as international borders and transportation networks reopened in 2021, it renewed cybercriminal interest in transportation. While transportation ranked lower overall in 2020, it saw more cyberattacks. 

The transportation industry had already started taking cyber issues more seriously last year, according to Ben Barnes, chief information security officer and VP of IT services for transportation solutions provider McLeod Software. 

“I think we, as an industry, have come a long way in our cybersecurity,” he told FleetOwner. “A lack of cyber adoption was our big hurdle for a long time. I don’t think we suffer that anymore.”

While the transportation industry was once the “low-hanging fruit” for cybercriminals, that is no longer the case, Barnes said. “I think a lot of the attacks in the transportation industry now are very targeted. It’s a high-value market now,” he explained. “High value doesn’t mean profitable, but there’s a lot of revenue; there’s a lot of dollars in transportation that are moving. And that makes us very likable for a thief.”

Malicious insiders—those who intentionally abuse legitimate credentials to steal information—was the top attack type against transportation organizations in 2021, according to the IBM study. These attacks made up 29% of those in the industry. Ransomware, remote access trojans (RATs), data theft, credential harvesting, and server access were also aimed at transportation organizations.

Half of the incidents IBM X-Force remediated at transportation companies originated with phishing emails, followed by stolen credentials (33%), and vulnerability exploitation (17%).

Russo noted that during the pandemic, as more companies were dealing with remote workers and more entry points for attacks, cybersecurity technologies improved. “If there’s a ransomware attack, it can be isolated to just that device so it doesn’t spread,” he explained. “A lot more proactive and containment is happening than in the past.”

Transportation targets

While transportation is no longer one of the top five targets for cybercriminals, it’s no reason for fleets and similar businesses to rest, Russo said. 

“With the Russian war in Ukraine, hackers are going after high-value targets, such as financial systems and health care,” Russo explained. “They haven’t gone down the list yet and hit transportation. But everyone must be vigilant—it could hit anytime.” 

When the fragility of U.S. supply chains was exposed during the COVID pandemic, cybercriminals were also shown how attacks could affect specific transportation organizations and businesses such as fleets, according to John Sheehy, SVP of research and strategy for IOActive. 

“You might be attacked because of who your client is—or who their client is,” Sheehy told FleetOwner. He explained that a criminal looking to infiltrate a high-value target could use a fleet’s weaker cybersecurity as a way to get into a fleet customer’s network. That’s why he believes sharing information about company security breaches can contribute to the common good.

“Empowering them with the information they need to make decisions to protect themselves and their clients is very helpful,” Sheehy said.

Cyberattacks aren’t going away, McLeod’s Barnes said. And like all business practices, companies need to review and revisit their cybersecurity practices regularly. 

“We’re all targets because we’re all part of the transportation sector—but there is strength in collective action,” he said. The transportation industry needs to work together to combat cybercrime. As more companies take steps to protect their IT systems, the transportation sector will become a less attractive target for cybercriminals. If we can raise awareness and take action to defeat cybercrime, the entire industry will benefit.”

This article originally appeared on FleetOwner.com.