What Time Is It? Time to Get Serious About Security
As if the Coronavirus hadn’t presented enough challenges to industrial operations across the board.
The stretch of time between May 27th to June 4th of 2021 was full of reports about cyberattacks, some within industrial systems. Let’s take a brief look at what’s been reported, and what we know thus far:
Attack on Government Agencies
Nobelium, the group behind the SolarWinds hack in late 2020, surfaced again with a phishing campaign. Phishing is an attack method that uses disguised email. The goal is to deceive email recipients into taking an action that will benefit the attacker, such as providing financial information or other personally identifiable information. These emails can come from a familiar name in the “From” line, but if you look closely, you’ll see that the underlying email address is completely different.
The group targeted government agencies predominantly, then used those agencies’ account credentials to email people in attempts to phish personally identifiable information from them.
JBS USA, a subsidiary of Global food manufacturer JBS Foods, suffered a cyberattack that affected servers supporting IT systems in North American and Australia. According to a Bloomberg report, the attack forced JBS to shut down its beef plants in the U.S. — accounting for almost a quarter of American supplies — and slow pork and poultry production. The specific attack that JBS USA experienced was a ransomware attack. Ransomware, as defined by McAfee, is malware that employs encryption to hold a victim’s information at ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access.
Fortunately, JBS USA’s backup servers were not infected and allowed for a return to operations sooner than originally expected.
Metropolitan Transportation Authority (MTA)
Reported on June 2nd, 2021, New York’s Metropolitan Transit Authority was attacked in April. Hackers exploited security flaws in Pulse Connect Secure, a VPN that enables employees to remotely connect to their employer’s network. The attack hit three of MTA’s 18 systems. There is a silver lining to this story though, as the bad actor behind the attack couldn’t gain access to the subway car control systems. No riders were hurt or put at risk. But MTA’s systems were still breached, and who knows what could have happened if the transit authority hadn’t discovered the breach sooner.
Steamship Authority of Massachusetts
The Steamship Authority of Massachusetts (SAM) fell victim to a ransomware attack early in June. While trips have kept running uninterrupted, it did affect SAM’s website and card systems. Riders presently are unable to use online and phone services to book or change reservations, and they’re encouraged to use cash when paying for fares and parking. Pending the availability of protected backup of its data, SAM may have to pay the ransom. It’s tough to know right now, as details to this story are developing.
The Stakes Are Higher Than Ever
Security threats are constantly evolving, looking to exploit any weakness or vulnerability within your networks. While the severity of the attacks varied across these stories, the point to focus on is that the attacks happened. And that they happened in rapid succession. The scale of damage done to these organizations likely won’t be known for quite some time.
The impact an attack can have shouldn’t be taken lightly. If you’re like many businesses and you’ve digitized many of your processes, think about what a cyberattack could do. It could expose sensitive customer data. It could cause you to shut down production. In the case of JBS USA, it meant the potential for a nationwide food shortage and employees unable to work indefinitely.
The reality is that this could happen to you. That’s why it’s important to understand security best practices and what solutions you need to keep your data protected. For many, this may be a call to start investing in more security tools. There’s a vast market for security solutions. With a little research and guidance from security professionals, you can find the solutions that are a fit for your business. Before it’s too late…