{"id":11533,"date":"2021-06-19T11:06:50","date_gmt":"2021-06-19T09:06:50","guid":{"rendered":"https:\/\/advancedfleetmanagementconsulting.com\/eng\/?p=11533"},"modified":"2021-06-19T11:09:41","modified_gmt":"2021-06-19T09:09:41","slug":"cybercrime","status":"publish","type":"post","link":"https:\/\/advancedfleetmanagementconsulting.com\/eng\/2021\/06\/19\/cybercrime\/","title":{"rendered":"The next pandemic: Cybercrime"},"content":{"rendered":"

The transportation industry, where a lot of money changes hands every second, is becoming a big target for cybercriminals. If a fleet isn\u2019t prepared for an attack, it might already be too late.<\/p>\n

Cybersecurity is like the COVID-19 virus, according to CarriersEdge<\/a> CEO Jane Jazrawy. \u201cIf you\u2019re not protecting yourself, you can get it. You won\u2019t know it right away, and it\u2019s going to be really detrimental when it happens. You\u2019ll wish you could turn back the clock\u2014but you can\u2019t,\u201d she said.<\/p>\n

COVID-19 isn\u2019t the only pandemic the world will face this decade, stated Christopher Krebs, former director of the federal Cybersecurity and Infrastructure Security Agency<\/a>. \u201cConsidered a low-dollar, online nuisance crime only a few short years ago, ransomware has exploded into a multibillion-dollar global racket that threatens the delivery of the very services so critical to helping us collectively get through the COVID pandemic,\u201d he said in testimony before the U.S. House Subcommittee on Cybersecurity in May. \u201cTo put it simply, we are on the cusp of a global pandemic of a different variety, driven by greed, an avoidably vulnerable digital ecosystem, and an ever-widening criminal enterprise.\u201d<\/p>\n

Cybercrimes have been around since the early days of computer networks in the 1970s. While these crimes have steadily increased in the decades since the U.S. Defense Department’s Advanced Research Projects Agency Network (ARPANET) led to the internet, cybercrimes have reached a torrid pace since the COVID-19 pandemic changed the office work landscape in the U.S. Just last spring, the FBI reported a 300% increase in cybercrimes between March and May 2020. The transportation industry has seen similar surges in attacks this year, according to Ben Barnes, McLeod Software\u2019s<\/a> vice president of IT services and chief information security officer.<\/p>\n

\"\"<\/span><\/p>\n

Sources: FBI, Cybint, Travelers<\/span><\/p>\n

\u201cWe didn\u2019t see a lot of attacks in January and February, but in March and April, the ransomware attacks have escalated in our industry, and we don\u2019t know why exactly,\u201d Barnes, whose company provides transportation and trucking software solutions, told FleetOwner<\/em>. \u201cBut if we can map these patterns and know the same thing happened last year in March and April when we saw attacks go up, we\u2019re starting to see a pattern.\u201d<\/p>\n

The May 7 ransomware attack on the Colonial Pipeline Co.<\/a>, which supplies 45% of the East Coast\u2019s fuel, is one of the latest examples of a cyberattack\u2019s power. The breach forced the company to shut down its four main pipelines between Texas and New Jersey, leading to fuel market concerns. Shortly after the attack, Colonial said it was breached through its corporate computer system.<\/p>\n

The transportation industry has become a high-value target, Barnes said, because it is so big and \u201cthere is so much money changing hands every second of every day.\u201d<\/p>\n

If cybercriminals gain access to a fleet\u2019s IT system and install ransomware, the company will face some complex decisions, Barnes noted. \u201cA ransomware attack in our industry can easily shut down your business for three days. You can\u2019t dispatch loads, you can\u2019t pay drivers or conduct financial transactions of any sort, and you may not be able to use email,\u201d he said. \u201cCompanies that don\u2019t have an incident response plan in place may be looking at one or two weeks of inactivity. The impact on the business can be severe and lasting.\u201d<\/p>\n

Human error<\/h3>\n

More than 90% of cybersecurity problems originate from human error, according to Cybint<\/a>, a firm that offers cybersecurity education and training for businesses. \u201cThat is human error on emails, people that left open or misconfigured their router or firewall and essentially left holes for attackers to come in,\u201d Barnes noted as examples. \u201cHuman error can come from all over the place\u2014it\u2019s not just one area. It\u2019s not just email. Education awareness can go a long way.\u201d<\/p>\n

Cybercriminals, he said, are like most other criminals: They are looking for an easy way in. He compared businesses to a bunch of homes on a cul-de-sac. \u201cYou don\u2019t want to be the house with the doors open, no guard dog, no cars in the driveway,\u201d Barnes said. \u201cYou want to be the house that has a security system and locks its doors. They are going to move on to attack the easier target. You don\u2019t want to be the low-hanging fruit.\u201d<\/p>\n

How hackers use ransomware is evolving, according to Scott Hellberg, director of information security governance, risk and compliance for Sentry<\/a>, an insurance provider for long-haul fleets and owner-operators. \u201cAt one point, ransomware was simply malware loaded into a phishing email,\u201d he told FleetOwner<\/em>. \u201cWith that, [the hacker] will gain access to the machine and encrypt it.\u201d<\/p>\n

Now, he said, cybercriminals are taking more of a \u201cshotgun\u201d approach where they don\u2019t have a specific target. The goal is to get the malware on as many networks and machines as possible. Then, once the hackers have access to a network, they decide when to activate the ransomware. Cybercriminals are \u201cbetting on the fact that most people don\u2019t do a good job with backups and have put themselves in a position where their data is one of the most important aspects of them being in business,\u201d\u00a0Hellberg explained.<\/p>\n

\"\"Businesses without good data backup plans are most susceptible to being held at ransom, Hellberg said. If businesses do not have a good backup system in place, cybercriminals could force the organization to pay a ransom in whatever cryptocurrency the attackers want. A cybercriminal can lock up an IT system until the victim company pays for a \u201ccyber key\u201d to regain access to the data.<\/p>\n

Sometimes this malware lies dormant in a company\u2019s network or an individual computer. Barnes said it could become like a \u201cpyramid scheme\u201d for hackers once they gain access to a system. Along with selling access to various criminal networks on the dark web, cybercriminals like to go after the same organizations more than once.<\/p>\n

\u201cWe\u2019ve seen some midmarket and smaller transportation firms get hit multiple times,\u201d Barnes said. \u201cThat is as baffling to me as any of this because if you got hit once, you\u2019re on a list. Suppose [a hacker] has credentials to get into your system. In that case, that attacker can sell those credentials to another attacker\u2014and that attacker will go and map out your network and find everything you have, and they will sell it to another attacker who will run ransomware on it. Well, each one of these sales puts that information out there for public knowledge,\u00a0 and that can be resold yet again.\u201d<\/p>\n

Companies that don\u2019t tighten up their cybersecurity, make changes, or learn from the past are the companies most likely to get attacked multiple times, Barnes said.<\/p>\n

\u201cIf a fleet hasn\u2019t started thinking about cybersecurity yet, then they\u2019re probably being targeted right now,\u201d Jazrawy told FleetOwner<\/em>. \u201cIt\u2019s just too late now. You should be immediately starting something now if you haven\u2019t done it because someone has probably found you. It\u2019s crazy not to be doing something, and that something has to include both your backend systems and your people because that is how they are getting to you.\u201d<\/p>\n

Print a plan<\/h3>\n

Chris Sandberg, vice president of information security for Trimble Transportation<\/a>, said that larger fleets tend to have better cybersecurity plans than smaller carriers. But no matter the business size, a company\u2019s cybersecurity plan should start with examining its critical workflows, he said.<\/p>\n

\u201cFigure out what workflows are actually critical to your system,\u201d he told FleetOwner<\/em>. \u201cThen make sure you document those workflows. I always encourage people to make sure that you print them out and redo this at least annually, if not quarterly.\u201d<\/p>\n

The printouts should include workflows and who has access to what information and network systems. The hard copies should also include procedures and phone numbers to call if there is a system breach. Sandberg suggests putting all of this critical information \u201cin big red binders and put it everywhere.\u201d<\/p>\n

Sources: FBI, Cybint, Travelers<\/span><\/p>\n

While creating these documents of company workflows and information, Sandberg said, fleet managers and executives will learn more about their critical processes, such as who has access to what within the system. \u201cFrom there, make sure only the people that need access have access,\u201d he suggested as a way to tighten control.<\/p>\n

Most importantly, Sandberg said, have an offline system. \u201cIt can be something as simple as somebody writing a little [computer] script, copying the files to another file share that the main users don\u2019t have permission to [access], which is what we call an offline backup,\u201d he explained. \u201cSo, if someone gets infected with something like a CryptoLocker virus<\/a>, they can\u2019t screw up the backup.\u201d<\/p>\n

How often a company backs up its system depends on the business, Sandberg added. \u201cIt depends on the criticality,\u201d he said. \u201cIf the business can accept losing a day\u2019s worth of data, back it up once a day. If they can accept losing five minutes of data, copy it every five minutes. The criticality of the data is what drives the backup schedule.\u201d<\/p>\n

McLeod\u2019s Barnes said it\u2019s important for fleets to have a playbook ready in case they are attacked so they\u2019re \u201cnot reacting in a panic.\u201d He also suggested that fleets get cybersecurity insurance, which only 55% of U.S. businesses have, according to a 2020 study by Travelers.<\/p>\n

Training and education<\/h3>\n

CarriersEdge\u2019s Jazrawy said the most common risk to fleets right now is employees clicking on the wrong links in emails that look legitimate but lead to \u201ca nasty website or downloads some sort of malware.\u201d She said employees in her company had received emails mimicking Jazrawy that ask those employees to do a task for her, such as buying gift cards and relaying the gift card information back via email.<\/p>\n

\u201cAnother time, I had a staffer get a fake email from me asking them to email back their phone number, claiming I needed to call them,\u201d she said. \u201cThis was ridiculous because I already have everybody\u2019s numbers. But if they send back their number, then [the phisher] tries to call you and take it further somehow.\u201d<\/p>\n

McLeod\u2019s Barnes said he\u2019s commonly asked how many clicks of a bad email link it takes to infect a company\u2019s system. \u201cOne. It only takes one click if you open something bad,\u201d he said.<\/p>\n

All of this is done by cybercriminals who are trying to infiltrate companies through employees. \u201cPeople are by far the weakest link,\u201d said Jazrawy, whose company creates training programs for drivers and fleets. And a newer \u201cpeople target\u201d is truck drivers.<\/p>\n

\u201cThe biggest risk that I see right now is that companies aren\u2019t training their drivers because they think that the only people who need to be trained about cybersecurity are the people in the office because those are the people who are using the system,\u201d Jazrawy said. \u201cI think that\u2019s a very dangerous way to think because the drivers might not be using your systems directly, but they are certainly talking or sending messages back and forth to the people who are using your system. What are they forwarding or doing without understanding?\u201d<\/p>\n

Barnes said companies are looking for a 100% guarantee that cybercriminals won\u2019t get into their systems. \u201cI don\u2019t think that exists. You have to do the right things. Getting more preventative is like how you eat an elephant\u2014you take one bite at a time. If you’ve done that and you look up and half the elephant is gone, then you’re into some really good, multiple phases of your security approach.\u201d<\/p>\n

He added that those \u201cfirst few bites of the elephant\u201d aren\u2019t going to cost a company a lot in their cybersecurity journey. Just having data backup systems can go a long way. \u201cIf you can\u2019t 100% prevent an attack and an attack happens, what do you do?\u201d Barnes said. \u201cHaving a good backup is No. 1. That doesn\u2019t cost a great deal of money to set up, but you would be amazed at how many transportation companies don\u2019t have reliable backups.\u201d<\/p>\n

Jazrawy said it doesn\u2019t make sense just to train some employees on the dangers of cybersecurity. \u201cIt\u2019s not just the company\u2019s security; it\u2019s people\u2019s personal security,\u201d she added. \u201cThey should all be educated on how to protect themselves\u2014even when it has nothing to do with the company they work for.\u201d<\/p>\n

Most drivers, unlike office workers, are not spending much of their time online, and that can make them susceptible. \u201cIf no one explains to them what a phishing attempt looks like, they can get tricked,\u201d she explained.<\/p>\n

This can be a particular problem for drivers whose first language isn\u2019t English, Jazrawy said. Since many attempted cyberattacks come from other countries, a native English speaker might more easily pick up on a scam because of poor grammar or spelling. \u201cI\u2019ve noticed that when there are issues, it tends to be non-native English speakers who fall for it because words are what is being used in a lot of these phishing emails. I think that is something to watch out for.\u201d<\/p>\n

Jazrawy said this is something she has noticed more recently and has been working it into the onboarding process for new employees. \u201cI have had to show my staff pictures of phishing email examples and explain why I would never actually send an email like that,\u201d she explained.<\/p>\n

She said this is important for companies to explain to employees. \u201cIf you\u2019re the owner of a 200-person company and you don\u2019t talk or email with everyone every day, if someone sends a fake message from your account, an employee might not know it\u2019s not from you,\u201d Jazrawy said. \u201cBecause they don\u2019t know how you sound in a day-to-day email, they might just automatically respond because they think it\u2019s actually a message from the owner of the company.\u201d<\/p>\n

So Jazrawy created a graphic that shows new employees what type of emails she would send, including how she would greet the recipient (\u201cI would never start a message with \u2018Dear so-and-so\u2019\u201d) and even how she would sign an email. \u201cSo, they can very clearly see what I will say and what I won\u2019t say.\u201d<\/p>\n

CarriersEdge offers a cybersecurity course for drivers that the company also uses internally for its own employees. \u201cEverybody from developers to customer service goes through that course,\u201d Jazrawy said. \u201cAnd what we also do is when we get scam messages, we talk about them. We\u2019re constantly sharing information about fake messages going around because they\u2019re definitely increasing.\u201d<\/p>\n

Preparing for cyberattacks<\/h3>\n

According to most information technology experts, fleets should have a standard set of operating procedures before a cybersecurity incident event occurs.<\/p>\n

The Cybersecurity Unit of the U.S. Department of Justice (DOJ) put together a set of best practices for victim response and reporting of cyber incidents. This includes steps to take before, during and after a cyberattack.<\/p>\n

Before<\/h3>\n

According to the DOJ, these are the most critical practices for fleets to put in place to help secure their data and protect their networks.<\/p>\n

Have an actionable plan in place<\/h3>\n

\u201cOrganizations should have a plan in place for handling computer intrusions, data breaches, and other cyber incidents before they occur,\u201d the DOJ noted. \u201cThe plan should be \u2018actionable,\u2019 meaning it should provide specific, concrete procedures to follow in the event of a cyber incident; be up to date; include timelines for the completion of critical tasks; and identify key decision-makers.\u201d<\/p>\n

Engage with police before an incident<\/h4>\n

Establishing a relationship with local law enforcement before a cybersecurity incident occurs will create a point of contact for any future assistance necessary. It will also aid in creating a relationship of mutual information sharing, which would be beneficial to both fleets and law enforcement.<\/p>\n

Ensure legal counsel is familiar with cyber-incident management<\/h4>\n

If a data breach should occur, it could be beneficial for fleets to talk with an attorney who is knowledgeable about laws regarding electronic surveillance, communications, data privacy, and information-sharing to understand the potential legal repercussions of the incident.<\/p>\n

Establish relationships with data information-sharing and analysis organizations<\/h4>\n

The government created Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs) to ease staying up to date.<\/p>\n

\u201cISACs share analysis of cyber threat information within their respective sectors, with other sectors, and with the government. Depending upon the sector, they may provide other cybersecurity services as well,\u201d the DOJ said.<\/p>\n

ISACs exist for what is considered the 16 \u201ccritical infrastructures\u201d of the U.S., but because not every industry falls within these 16 sectors, organizations have created ISAOs. ISAOs are intended to provide the same benefits and information as ISACs for specific industries or markets.<\/p>\n

The vehicle industry has its own ISAC, where intelligence is shared on developing cybersecurity risks to vehicles. As vehicle cybersecurity capabilities are improved, information is posted at automotiveisac.com<\/a>.<\/p>\n

During<\/h3>\n

During a data breach, the DOJ recommends the following steps:<\/p>\n

    \n
  1. Make an initial assessment<\/li>\n<\/ol>\n

    Assess the situation and first determine the cause of the incident. Was the incident a malicious act, human error, a technological glitch, or some combination of the three? From there, fleets should be able to ascertain what action needs to be taken.<\/p>\n

      \n
    1. Implement measures to minimize continuing damage<\/li>\n<\/ol>\n

      After a data breach, a fleet should do whatever possible to mitigate the corruption to their systems.<\/p>\n

      Robert Vogt, chairman of IOSiX, a manufacturer of electronic logging device (ELD) hardware and high-end automotive data acquisition systems, recommends a few preventive measures that can also help to avoid further damages from a cybersecurity incident.<\/p>\n

      \u201c[Fleets should] be extremely careful about vetting any devices they add to the vehicle,\u201d Vogt said. He suggested disabling any wireless communication features or functions that the fleet doesn\u2019t use, including Wi-Fi, Bluetooth, and\/or an OEM telematics system. \u201cIf you’re not using it, it’s using you,\u201d he added.<\/p>\n

        \n
      1. Record and collect information<\/li>\n<\/ol>\n

        In the event of a cybersecurity incident, fleets should keep logs, notes, records, and any data possible that may help in analyzing and investigating the breach.<\/p>\n

        The DOJ recommends these forms of information be recorded and retained;<\/p>\n