Beware Of Ransomware Crimes On The Rise
A recent meet and discussion of the NMFTA cybersecurity panelists Antwan Banks, Shelly Thomas, Ernesto Ballesteros, Clarke Skoby, and Takeda Parker-Bradford of the Transportation Security Administration revealed the disturbing trends that have been plaguing the trucking industry in the US.
HOUSTON — This increase in cyber threats in the trucking industry has become quite a big problem. These attacks are more prevalent now after the internet boom. The impact and instances of these threats can be observed across the economy in general according to experts.
The much-awaited Digital Solutions Conference that comprised this discussion was hosted by the National Motor Freight Traffic Association. This two-day event did one of the biggest favors to aspiring truck drivers and existing trucking players in the market. It brought transportation and cybersecurity experts on one desk and that helped identify the most critical issues at hand. The experts also discussed at length the best practices to follow in this situation.
The work that we’re going to do over the next two days is essential,” said all the experts present at the conclave. According to NMFTA Executive Director Debbie Sparks, “We want to grow, we have the bandwidth to grow to do what it is that the industry needs us to do to get there, and it needs to happen quickly. We are expanding every day. We want your ideas, your feedback. But this is just the beginning.
Sparks was also seen stressing the importance of all the stakeholders in the industry coming together to examine the issue and find a way to solve these rising cybersecurity problems faced by the transportation industry. She also said that the industry must be prepared at all times because as the internet landscape changes, the threats around the industry evolve as well and it is happening at a very rapid pace.
The next five years are going to be changing dramatically,” Sparks said. “Some of you, this isn’t your very beginning, you’ve been in this a long time. But it’s going to be happening very quickly. We’re seeing that with more cyberattacks, but it’s even bigger than that; it’s even how we set ourselves up operationally and how we’re prepared to take on these operational changes.”
Sparks was accompanied by a distinct panel of cybersecurity experts. These professionals working outside the industry had ample knowledge of cyber threats and they discussed the evolving nature of these threats and how trucking companies can best prepare for them. Awareness training regarding these threats was stressed a lot because the common man tends to be a lot more vulnerable to them regardless of what sector he may want to enter.
Shelly Thomas, Senior Vice President at risk management firm, Marsh said, “2023 has been an interesting year from a ransomware perspective. said We’ve seen our highest numbers in Q2 since 2020. We actually saw our largest ransom demand earlier this year, around $175 million. That was negotiated down, but just kind of showing you the depth and breadth of those ransom demands. I would also say that privacy is another area that’s continuing to evolve.”
Thomas also emphasized that organizations in this sector need to be a lot more aware of the many ways these cybercriminals collect their data. She also said that people letting this critical info out must also make sure that there is proper consent for how they are going to use that data. This ensures their privacy and one can avoid litigation.
I would say ransomware and privacy are definitely the biggest trends that we’re seeing just from an industry and attack perspective,” Thomas said. “But I think that a lot of work that’s been done over the last 18 to 24 months from a security posture has helped.
In order to get meaningful cyber limits, you had to have certain controls in place. … I think that’s helped organizations recover quicker in the event of an incident.
Training is also essential when it comes to combating cyber threats, according to Thomas. Everyone in the top management, the mid-level operations, and also the floor-level employees must understand how critical it is for them to take these threats and related security measures seriously.
Ernesto Ballesteros, the state cybersecurity coordinator for Texas, said at the Cybersecurity and Infrastructure Security Agency, “I will tell you, folks, just by and large, regardless of what sector you’re in, we are seeing all kinds of attacks that are occurring,” said “Ransomware is probably the biggest one out there in the public sphere.
Ballesteros also pointed out that a major chunk of these attacks are perpetrated through social engineering methods of which the most popular is phishing. This is a very clever way to manipulate people and coax them into sharing their personal and financial information online. Phishing is done through the use of fraudulent digital communication which can be a very authentic-looking email. The source also tends to appear trusted and this is how they succeed in fooling innocent people.
A lot of people use the same password at work as they do for their personal stuff, and sometimes the websites that you use for your personal stuff get compromised,” U.S. Secret Service Agent Clarke Skoby said. They’ll create an inbox rule and it’ll be any email that in the subject line says bill or invoice, send that email directly to RSS feeds. And so, the victim never sees that email go in and it goes to another folder that you never check. The attacker then goes in, checks RSS feeds, he sees those emails, and then he’ll re-create those emails.
According to Skoby, the attacker would move on to create his/her own bill and website that will look absolutely legitimate. From there on out, the real game begins. He may then say that something about their banking information is not right or has probably changed. This is done to get the innocent visitor to send money to the fraudulent account.
Ballesteros said, "You cannot overstate the value proposition of training as far as user awareness is concerned. You have a lot of machines, particularly those that are internet-facing, that have vulnerabilities, and they end up being exploited one way or another, essentially opening the door for threat actors to get into your operating environment.
English