TRANSPORTATION CYBERSECURITY

Transportation Cyber Security

ACID Technologies helps transportation operators protect themselves by detecting the first signs of an impending cyberattack – as early as in its planning stage, and providing real-time, detailed alerts that enable the targeted operators to implement effective preventive measures

ACID Technologies provides the transportation sector with 24/7/365 dark web monitoring services, while also monitoring multiple additional sources and platforms. When detecting a threat, ACID sends real-time, actionable alerts with all available information, to enable the targeted transportation system operator to effectively respond to the threat and mitigate its harmful impact on their operation, whether service disruption, ransom demand, data theft or other.

The importance of cybersecurity in the transportation industry

The transportation industry covers multiple sectors – aviation, maritime transportation, railways and road vehicles. Its purpose is to efficiently and safely transport passengers and goods both domestically and internationally. The increasing dependence of this critical industry on interconnected digitized systems amplifies its risks from cyberattacks.

Transportation Cybersecurity

186% increase in weekly cyberattacks on transit systems from mid-2021 to mid-2022
((Roads and Bridges, USA)

Connected vehicles produce up to 25 GB of data every hour
(Uswitch)

Former Assistant Director at the US Cybersecurity and Infrastructure Security Agency Bob Kolasky spoke of an additional threat: “some evidence from [US] government sources that nation-states and associated criminal organizations target lifeline [transportation] infrastructure for cyberattacks more than other industries because these industries are strategically important to national security and the economy.”

The risks identified in this report are, of course, applicable to the transportation industry in other countries as well.

The vulnerabilities highlighting the need for cybersecurity for the transportation sector

Prof. Scott Belcher, one of the authors of the above-mentioned Mineta Transportation Institute report, warned: “The more entry points, the greater the vulnerability… Criminals are looking to get access to operational data, personal data and financial data. Each of those data sets gives them leverage… Going forward we will also have to be concerned about criminals taking control of vehicles and putting passengers at risk.”

Roads and Bridges, which reviewed the report, explained that “as the industry is integrating with micromobility, exploring the use of autonomous vehicles, upgrading systems to contactless ticketing, onboard Wi-Fi, and other improvements, the entry points for outside interference keep growing.” It added that from mid-2020 to mid-2022 weekly ransomware attacks on transit systems increased by 186%.

Connected vehicles face threats of their own. A Uswitch study reveals that a standard connected car has about 100 million lines of code, as compared to about 6.5 million for a Boeing 787 jet. Connected cars produce up to 25 GB of data every hour, including information about the driver, the vehicle and passengers. It adds that it is expected that 100% of new cars registered in the UK will be connected by 2026. While the thought of hackers gaining control of vehicles is terrifying, experts believe that their main intent will remain to steal data.

Some cyberattacks that could have potentially been foiled with ACID’s cybersecurity solution for the transportation industry

  • SAS Airlines: In February 2023, the Scandinavian airline SAS reported that its website and app had been attacked. According to the new agency TT, those who tried logging into the app were directed to accounts of other SAS customers, whose personal details they were exposed to.
  • Air France and KLM: In January 2023, Air France and KLM notified their Flying Blue loyalty program customers that their account information might have been exposed: names, phone numbers, email addresses, account numbers and mileage balances. Such information is helpful to criminals committing identity theft.
  • Hellman Worldwide Logistics: The German firm, which offers airfreight, sea freight, road and rail, and contract logistics services, admitted to having been impacted by a phishing attack in December 2022. As reported by Cybersecurity Guide, a result of the attack it was forced to stop taking new bookings for several days, disconnected its data centers around the world and shut down some of its systems to limit the spread. The extent of the loss of revenue resulting from this attack has not been disclosed.
  • Danish State Railways: In November 2022, a cyberattack caused a shutdown of railway operation for a number of hours.
  • Wabtec Corporation: The US rail and locomotive company’s operations in the USA, Canada, the UK and Brazil were impacted in a ransomware attack that the corporation detected in June 2022.
  • Go-Ahead: London’s biggest bus operator, and one of the largest bus services providers in the UK, was targeted in a cyberattack in September 2022, which affected some of its back-office systems.
  • New York Metropolitan Transportation Authority (MTA): The MTA, North America’s largest transportation network, which carries more than 11 million passengers each weekday, sustained a cyberattack in June 2021. According to Cybersecurity Guide, this attack is suspected of being a sophisticated cyber-espionage campaign launched by Chinese threat actors who had exploited a zero-day vulnerability in a remote access product from Pulse Connect Secure to infiltrate the MTA’s network. The attackers were able to achieve persistence on three of the MTA’s 18 computer systems for several days. The MTA insists that no customer data was stolen and that the attackers did not tamper with critical systems, further substantiating the likelihood of espionage as the motive. It was suspected at the time that this attack may have been only exploratory, in preparation for an even larger attack that could bring transportation to a virtual standstill in the northeast USA. 
  • ATC Transportation: The servers of the US company ATC Transportation, which provides equipment and support services to logistics companies involved in transportation, distribution and warehousing, were infected with malware in March 2021, apparently to facilitate a ransomware attack. Cybersecurity Guide reported that in addition to encrypting critical data to hold for ransom, they potentially obtained personal information of current and former employees and job applicants, including names, Social Security numbers, and DOT required drug test results.
  • Matson: The shipping giant (an annual revenue of about US$ 2 billion), which provides cargo ship service to much of the world, sustained a ransomware attack in October 2020. Cybersecurity Guide reported that the cybercriminals claimed to have stolen a terabyte of data. They then encrypted it and threatened to post it on the dark web if the ransom was not paid.
  • Maersk: The cyberattack that impacted the giant shipping container firm Maersk in June 2017 is considered particularly severe. Cybersecurity Guide reported that the attack affected all the company’s business units, including container shipping, port and tugboat operations, oil and gas production, drilling services, and oil tankers. The cybercriminals who had perpetrated the ransomware attack on Maersk demanded payment of US$ 300 in bitcoin in exchange for access to the hacked data. The company’s CEO stated that as a consequence of the attack, business volumes were negatively affected for a couple of weeks in July, and added that the cyber-attack is expected to impact results negatively by US$200 – US$300 million.

Some other cyberattacks which took place in December 2022 alone (partial list), in other countries, targeted:

  • The port of Lisbon, Portugal
  • The mass transit company SP Trans in São Paulo, Brazil
  • The railroad company ÖBB in Austria
  • The mass transit company Companhia Paulista de Trens Metropolitanos (CPTM) in São Paulo, Brazil
  • A logistics company, Mayer & Mayer, in Germany
  • The provider of maritime systems Voyager Worldwide in Singapore

ACID provides cost-effective cybersecurity for the transportation industry

ACID offers an exceptionally cost-effective solution for the transportation industry: It deploys clusters of bots and implements advanced AI algorithms in order to detect the first hint of an attack in the clear, deep and dark web, as well as in multiple other sources, as early as in its initial planning phase. Once such an intent is detected, ACID alerts the targeted company in real time, providing all the available information – including screenshots of threats detected on the dark web and deep web, which the company may be reluctant or incapable of accessing itself. ACID continues to monitor the sources, using client-specific keywords in several languages, and provides updates with any additional data as it becomes available. While ACID continuously monitors a great number of sources, if the company wishes to include additional ones in the search, ACID swiftly does so.

The real time alerts provided by ACID at the first sign of an attack, and the subsequent updates with additional information as it becomes available, enable the IT teams of the targeted company to prepare and implement countermeasures that will mitigate the impact of the attack, or possibly thwart it altogether. Players in the transportation sector are thus supported in avoiding the theft of sensitive data and costly ransom payments, and in maintaining their business continuity and reputation.

ACID’s solution can significantly improve the cybersecurity profile of the transportation industry, and of transport companies operating the various systems.

ACID deploys clusters of robots and implements sophisticated algorithms to perform continuous dark web monitoring in order to detect signs of impending attacks even while still in their planning stage, attacks that are in progress, and leaked data indicating that the organization’s systems have been breached.

Moreover, it uses not only client-specific keywords, but also allows choosing a language or several languages relevant to the client, thus achieving optimal monitoring results. The importance of the choice of language/s is evidenced by the information made available on the cyber attack campaign waged against shipping companies in North America in September 2024.

Once a threat is detected on the dark web or on any other of the multiple sources monitored, ACID sends real-time alerts to the targeted company, to enable it to implement countermeasures to diminish the impact of the attack, or perhaps foil it altogether.

Transportation is essentially the movement of people and goods from one place to another. As such, it is vital to a nation’s economy and to the economic welfare of its citizens, as well as to society as a whole, and to the quality of life of residents in all regions, nationwide.

Transportation contributes to economic growth in a number of ways, including:

  • Transportation systems enable getting raw materials to manufacturing plants that produce goods for consumers. These are often located in the more remote areas, whether due to cost of land, tax rates or environmental considerations.
  • Efficient transportation systems minimize the cost and time of travel from one location to another, thus improving economic efficiency of resource use.
  • Transportation systems with a wide distribution enable getting goods to consumers even in remote regions.
  • Varied transportation modes enable choosing the best mode according to the need – whether less expensive transportation is preferred, which often translates into longer travel time, and vice versa.
  • Local and national transportation systems connecting to those of other countries are essential to trade and commerce. They enable competitive manufacturers to export their goods to foreign markets, increase their revenue, and consequently, also the taxes paid to the authorities for the benefit of all citizens.
  • The transportation industry employs a large workforce, in developed countries – between 5% and 12% of the total workforce. This amounts to hundreds of thousands to millions. For example, in the USA alone, some 16 million are employed in the transportation sector (BTS – the US government’s Bureau of Transportation Statistics), and in Germany alone – more than 2.2 million (Statista).
  • Transportation also facilitates the development of businesses that create additional jobs. Through job creation, this industry helps keep unemployment low.

The quality of transportation services has major impact on the lives and quality of life of the population, in a number of aspects:

  • Efficient and moderately priced transportation services enable people to access healthcare services, benefit from more opportunities for quality education, and find employment in areas that are within reasonable travel distance.
  • As such, transportation services are particularly important for underprivileged persons, enabling them to benefit from education services, to earn a higher income than they would if valuable opportunities were inaccessible, and thus promote inclusion and cohesion.
  • Not needing to own a car when quality transportation services are available not only benefits people on a personal level by lowering expenses, it also eliminates or reduces traffic congestion and air pollution.

The USA’s Cybersecurity and Infrastructure Security Agency (CISA) defines the transportation systems sector as consisting of seven key subsectors or modes, as detailed below, providing data relevant to the USA specifically. The data provided by CISA illustrates the enormity of the challenge of protecting this sector from cyberthreats.

  • Aviationincludes aircraft, air traffic control systems, and about 19,700 airports, heliports, and landing strips. Approximately 500 provide commercial aviation services at civil and joint-use military airports, heliports, and sea plane bases. In addition, the aviation mode includes commercial and recreational aircraft (manned and unmanned) and a wide variety of support services, such as aircraft repair stations, fueling facilities, navigation aids, and flight schools.  
  • Highway and Motor Carrierencompasses more than 4 million miles of roadway, more than 600,000 bridges, and more than 350 tunnels. Vehicles include trucks, including those carrying hazardous materials; other commercial vehicles, including commercial motorcoaches and school buses; vehicle and driver licensing systems; traffic management systems; and cyber systems used for operational management.  
  • Maritime Transportation Systemconsists of about 95,000 miles of coastline, 361 ports, more than 25,000 miles of waterways, and intermodal landside connections that allow the various modes of transportation to move people and goods to, from, and on the water.  
  • Mass Transit and Passenger Railincludes terminals, operational systems, and supporting infrastructure for passenger services by transit buses, trolleybuses, monorail, heavy rail—also known as subways or metros—light rail, passenger rail, and vanpool/rideshare. Public transportation and passenger rail operations provided an estimated 10.8 billion passenger trips in 2014.   
  • Pipeline Systemsconsist of more than 2.5 million miles of pipelines spanning the country and carrying nearly all of the nation’s natural gas and about 65 percent of hazardous liquids, as well as various chemicals. Above-ground assets, such as compressor stations and pumping stations, are also included.  
  • Freight Railconsists of seven major carriers, hundreds of smaller railroads, over 138,000 miles of active railroad, over 1.33 million freight cars, and approximately 20,000 locomotives. An estimated 12,000 trains operate daily. The Department of Defense has designated 30,000 miles of track and structure as critical to mobilization and resupply of U.S. forces.
  • Postal and Shippingmoves about 720 million letters and packages each day and includes large integrated carriers, regional and local courier services, mail services, mail management firms, and chartered and delivery services.  

Some of the most common modes of attack preferred by cybercriminals and cyberterrorists targeting the transportation industry include malware attacks, ransomware attacks, denial-of-service attacks and phishing attacks.

In September 2024, as reported by The Record, cybersecurity firm Proofpoint identified a new campaign directed at a number of shipping companies in North America, which it did not name. Proofpoint analysts arrived at the conclusion that the campaign was being waged after having tracked the activity since the month of May. It seems that the perpetrators were financially motivated. The tool used in the attack was several different strains of malware. The attackers gained access through the use of transportation and shipping companies’ compromised email accounts – at least 15 were found – and sent them malicious links with the intention to steal information. According to Proofpoint, the types of malware used in this cyber attack campaign included Lumma Stealer, StealC, DanaBot and Arechclient2. Some attacks involved impersonation of legitimate software – AMB Logistic, Samsara and Astra TMS – which is used for transport and fleet operations management. According to experts, the involvement of this industry-specific software, and the languages used to bait the victims, seem to indicate that these and possibly other perpetrators research their targets’ operations in advance, and are also familiar with their typical business workflows.

  • In October 2024, several Belgian ports, among them Antwerp and Zeebrugge, were targeted in a DDoS attack by NoName057, a pro-Russian group. The attack was politically motivated, as evidenced by the announcement posted by the group: “The Belgian government will soon be examining a proposal to purchase and transfer three Caesar artillery units to Ukraine. We have decided to pay a visit to Russophobic Belgium to show them how initiatives in support of the criminal regime in Kyiv end.”
  • In September 2024, Germany’s state-owned Deutsche Flugsicherung (DFS), which handles the country’s air traffic control, sustained a cyberattack that disrupted its office communications.
  • Also in September 2024, the computer systems of Transport for London’s (TfL) were targeted in an ongoing cyber attack, mainly affecting the backroom systems at its corporate headquarters. TfL claimed that its services had not been impacted, and that it could not find evidence of data theft. Employees who were able to work from home were requested to do so.
  • In August 2024, the Port of Seattle was the victim of a ransomware attack perpetrated by the Rhysida group. After gaining access to the port’s computer systems, the group encrypted certain parts, causing service disruption. The attacked systems were responsible for ticketing, check-in kiosks, baggage handling, parking, Wi-Fi services, and more. The port refused to pay the ransom that the group had demanded.
  • Also in August 2024, and also in Seattle, Seattle-Tacoma International Airport sustained a cyber attack that shut down its internet and web systems. Passengers were therefore requested to complete as much of the preflight process as they could at home, before arriving at the airport.
Quick Links
Product
Solution
Facebook Linkedin Twitter

© 2022 ACID Technologies