A computer virus forced a US maritime base offline for more than 30 hours, the country’s coast guard has revealed. Ransomware interrupted cameras, door-access control systems and critical monitoring systems at the site. The agency did not reveal the name or the location of the facility targeted by the attack. 

Officials said they believed the ransomware was sent in a malicious email link, clicked by an employee, the BBC reported yesterday. 

 

3 Expert Comments
Bill Conner, CEO
InfoSec Expert
January 6, 2020 11:41 am

The U.S. Coast Guard’s announcement that a computer virus forced a maritime base offline for more than 30 hours is the latest in a growing trend of specialised ransomware attacks, which includes last month’s on the city of New Orleans. While global ransomware volume was down 10% through November 2019, cybercriminals are being more targeted than ever before, focusing on lucrative and defined targets over massive volume.

The Maritime Safety Information Bulletin stated that this attack came about as a result of an employee opening a malicious email, a mode of social engineering that focuses on and exploits human error. Over 90% of cyberattacks start with a successful phishing campaign with hackers typically engaging in social engineering tactics to study the victim and craft personalized phishing messages. A single click from an employee can open up vast networks to cyberattacks and, as this attack testifies, the fallout can be substantial, not only for businesses but, in this case, core national institutions.

Stuart Reed, UK Director
InfoSec Expert
January 3, 2020 1:22 pm

Ransomware was one of the most disruptive forms of cyber attack in 2019 and it seems that this will continue to be the case in 2020. With countless emails and links being sent across the network it is no small task to mitigate the risk of employees falling victim to an attack, and reminds us of the importance of a layered approach to security. While access control should limit the path of an attacker and robust backups can restore systems as soon as possible, it is also important to have broad visibility of the network to identify and eliminate an attack quickly. Technical protection and defense must dovetail with business processes; ensuring employees are educated to become a strong line of defence, while a rock-solid incident response plan can deliver a swift recovery.

Critical services and infrastructure will continue to be targeted by cyber criminals and it’s only with partnerships between security experts, risk specialists and those responsible for the build and protection of these highly important assets that we will be able to improve our overall security posture against attackers.

Nigel Stanley
InfoSec Expert
January 3, 2020 1:14 pm

Yet again we appear to be seeing a facility disrupted by malware introduced via email. My bigger concern is that the malware was apparently able to penetrate operational technology systems used to control cargo transfer. This demonstrates the need for decent network segmentation, firewalling and backups that can be restored following such an incident.
