She likens cybersecurity to the COVID-19 virus: “If you’re not protecting yourself, you can get it. You won’t know it right away, and it’s going to be really detrimental when it happens. You’ll wish you could turn back the clock—but you can’t.”
COVID-19 isn’t the only pandemic the world will face this decade, stated Christopher Krebs, former director of the federal Cybersecurity and Infrastructure Security Agency. “Considered a low-dollar, online nuisance crime only a few short years ago, ransomware has exploded into a multibillion-dollar global racket that threatens the delivery of the very services so critical to helping us collectively get through the COVID pandemic,” he said in testimony before the U.S. House Subcommittee on Cybersecurity in May. “To put it simply, we are on the cusp of a global pandemic of a different variety, driven by greed, an avoidably vulnerable digital ecosystem, and an ever-widening criminal enterprise.”
Cybercrimes have reached a torrid pace since the COVID-19 pandemic changed the office work landscape in the U.S. just last spring. The FBI reported a 300% increase in cybercrimes between March and May 2020. The transportation industry has seen similar surges in attacks this year, according to Ben Barnes, McLeod Software’s vice president of IT services and chief information security officer.
“We didn’t see a lot of attacks in January and February, but in March and April, the ransomware attacks have escalated in our industry, and we don’t know why exactly,” Barnes, whose company provides transportation and trucking software solutions, told FleetOwner. “But if we can map these patterns and know the same thing happened last year in March and April when we saw attacks go up, we’re starting to see a pattern.”
If cybercriminals gain access to a fleet’s IT system and install ransomware, the company will face some complex decisions, Barnes noted. “A ransomware attack in our industry can easily shut down your business for three days. You can’t dispatch loads, you can’t pay drivers or conduct financial transactions of any sort, and you may not be able to use email,” he said. “Companies that don’t have an incident response plan in place may be looking at one or two weeks of inactivity. The impact on the business can be severe and lasting.”
Cybercriminals, he said, are like most other criminals: They are looking for an easy way in. He compared businesses to a bunch of homes on a cul-de-sac. “You don’t want to be the house with the doors open, no guard dog, no cars in the driveway,” Barnes said. “You want to be the house that has a security system and locks its doors. They are going to move on to attack the easier target. You don’t want to be the low-hanging fruit.”
How hackers use ransomware is evolving, according to Scott Hellberg, director of information security governance, risk and compliance for Sentry, an insurance provider for long-haul fleets and owner-operators. “At one point, ransomware was simply malware loaded into a phishing email,” he told FleetOwner. “With that, [the hacker] will gain access to the machine and encrypt it.”
Now, he said, cybercriminals are taking more of a “shotgun” approach where they don’t have a specific target. The goal is to get the malware on as many networks and machines as possible. Then, once the hackers have access to a network, they decide when to activate the ransomware. Cybercriminals are “betting on the fact that most people don’t do a good job with backups and have put themselves in a position where their data is one of the most important aspects of them being in business,” Hellberg explained.
Businesses without good data backup plans are most susceptible to being held for ransom, Hellberg said. If businesses do not have a good backup system in place, cybercriminals could force the organization to pay a ransom in whatever cryptocurrency the attackers want. A cybercriminal can lock up an IT system until the victim company pays for a “cyber key” to regain access to the data.
Sometimes this malware lies dormant in a company’s network or an individual computer. Barnes said it could become like a “pyramid scheme” for hackers once they gain access to a system. Along with selling access to various criminal networks on the dark web, cybercriminals like to go after the same organizations more than once.
“We’ve seen some midmarket and smaller transportation firms get hit multiple times,” Barnes said. “That is as baffling to me as any of this because if you got hit once, you’re on a list. Suppose [a hacker] has credentials to get into your system. In that case, that attacker can sell those credentials to another attacker—and that attacker will go and map out your network and find everything you have, and they will sell it to another attacker who will run ransomware on it. Well, each one of these sales puts that information out there for public knowledge and that can be resold yet again.”
Companies that don’t tighten up their cybersecurity, make changes, or learn from the past are the companies most likely to get attacked multiple times, Barnes said.
“If a fleet hasn’t started thinking about cybersecurity yet, then they’re probably being targeted right now,” Jazrawy told FleetOwner. “It’s just too late now. You should be immediately starting something now if you haven’t done it because someone has probably found you. It’s crazy not to be doing something, and that something has to include both your backend systems and your people because that is how they are getting to you.”
Read full story at Fleet Owner.