Cyber Threat Analysis for the Trucking Industry

By Nick Powers

UNCOMN (formerly Aegis Strategies) recently engaged the Transportation Industry as part of the National Defense Transportation Association (NDTA) 2016 Fall Meeting in St. Louis, MO. During this meeting, UNCOMN provided information systems and cybersecurity experts for panels discussing “Cyber in a disruptive world”.

Our experts fielded many types of questions, but many tied back to the simple fact that small businesses (specifically trucking companies) are having a hard time determining where to even start when it comes to securing their business and its operations. Our team decided to pull together an overview and create a starting point for these businesses to begin the discussion. Our intent is to provide this free resource in order to enhance the overall security of the Defense Transportation Industry.

Why do hackers target trucking companies?

In order to:

  1. Gain access to a truck as a weapon (Hackers Say Trucking Industry Needs to Step Up Computer Security)
  2. Gain access to truck payload(s) to steal the contents
  3. Gain access to customers through system connections
  4. Gain identity information, credit cards, PII which can be sold
  5. Prevent use of your websites or information systems
  6. Gain your company’s Intellectual Property
  7. Gain control of critical data to encrypt the information and ransom it
  8. Turn your company’s infrastructure into a means for damaging other businesses

Background Information:

  1. Gauging the Growing Cyber Threat to Trucking by Fleet Owner
  2. Cyber Risk in the Transportation Industry by Marsh’s Transportation Practice
  3. Cyber Attacks Can Funnel Through Trucking Companies to Shippers – by Carolyn Gruske (trucknews.com)
  4. Battling a Hack: One Fleet’s Story by Fleet Owner (what an attack looks like against a trucking company)

Types of Attacks Seen Across the Transportation Industry

This list is based on the Verizon 2016 Data Breach Investigations Report, representative of 12 types of businesses from the industry, and is in order by impact:

  1. Attacking web applications (35% – 2nd highest across all industries): A hacker enters code into a website’s fields to cause the system to fail in an insecure manner. Hackers also use programs to locate weak passwords via login fields on a website.
  2. Denial of Service Attacks (26% – 8th highest across all industries): Hackers flood your internet-facing devices with so much traffic that you are unable to keep up with the demand and your external systems fail. Attacks of this nature can fill up databases and cripple the internal processing capability of a company. These attacks are easy to conduct and can last for minutes, hours, days, or weeks.
  3. Cyber-espionage (16% – tied for highest across industries with Manufacturing): Cyber-criminals gain access to your IT systems using various means (social engineering, malware, phishing) to steal company proprietary information to sell to your competitors and/or remove a competitive advantage you have over others.
  4. Crimeware (10% – 2nd highest across all industries): Cyber-criminals trick users into putting ransomware on their systems, encrypting all the data in a system, and holding that system for a ransom to unlock the data.
  5. Misc. Errors (6% – 3rd highest across all industries): Attacks can exploit errors caused by not applying IT best practices (did not change the default password, used the same admin password across all systems, do not have systems patched).
  6. Privilege misuse (6% – tied for 4th highest across all industries): Any unapproved or malicious use of organizational resources, such as when a disgruntled insider takes information and gives it to someone external and/or provides access to your systems.

Attack Surface — Potential vulnerability points:

Truck-focused:

  • Diagnostic data ports
  • Endpoints in the truck used to access company info (e.g., Laptops, tablet devices, phones)

Stopping points (Fueling, rest stops, etc.):

  • Credit card scanners on fuel pumps
  • A truck’s physical security
  • Wireless attacks conducted by bad actors to capture data traveling over unsecured Wi-Fi communications (cell phones, MiFis, hotspots)

Home Office:

  • Internal wireless networks
  • Desktop environment
  • Employees and their endpoint devices

Web Applications:

  • Customer sites that track shipments
  • Internal employee websites used to enter time, dispatch, etc.

It is good to remember that any IP space and/or services exposed to the Internet are vulnerable to attack.

Background Information

  1. Top Five External Threats
  2. 43 Percent of Cyber Attacks Target Small Business
  3. Hackers Hijack a Big Rig Truck’s Accelerator and Brakes

What can you do to start securing your business today?

  1. Train your users:
  2. Begin working with a cybersecurity team to assess your risk and determine a cost-effective roadmap; UNCOMN and several of our partner organizations can help with this:
    • Midwest Cyber Center — non-profit created to bring together cybersecurity partners in the St. Louis region.
    • UNCOMN — we combine domain knowledge, technical expertise, and an agile systems engineering approach to solve our clients’ process, data, and technical problems.