Ransomware on the rise in trucking, says Omnitracs CISO

If you feel like your trucking operation is under attack, you’re not imagining things. Bitdefender reports ransomware attacks were up 715% year over year in the first half of 2020 — and truck fleets were undeniably among the victims.

(Photo: istock)

“Just about every month there was a transportation-related company that had experienced some form of ransomware or cyberattack,” says Sharon Reynolds, Omnitracs chief information security officer (CISO). The challenge hasn’t been limited to the U.S.

TFI International, for example, announced in late 2020 that its Canadian courier divisions had been a victim of a ransomware attack. And not all fleets are reporting such events, she adds.

Vulnerable systems

Perhaps the attacks shouldn’t be a surprise. The business of trucking is increasingly connected.

Advances in telematics see evermore mobile phone applications connect with trucks and the software-as-a-service (SaaS) offerings that power backend systems. Every linked file or system opens another potential back door for a cyberattack. The FBI has even warned that cyber criminals could exploit vulnerable ELDs.

But Reynolds points to basic email messages as one of the most widely exploited tools when it comes to launching ransomware – the malware that encrypts computer files until someone pays a ransom. The messages seem innocent enough. Maybe it’s a note asking the recipient to review an attached invoice, or what appears to be an internal request to re-enter a password.

“One person clicks, and they bypass all the firewalls,” she says. First the files are encrypted. Then comes the threat: Pay up, or pay the price.

‘Definitely being targeted’

The attacks are not exactly new, of course.

Previously victimized industries have included banking and healthcare. “Right now, it feels like transportation is definitely being targeted. These groups have figured out that distraction to the supply chain is a cause for concern,” Reynolds says.

Truck fleets aren’t necessarily more vulnerable. It’s just appears to be this sector’s turn. Every back-office system that relies on data to support core activities is a potential target.

But securing the systems can be a challenge. While security experts need to protect everything, attackers need to find just a single vulnerability. The criminals don’t even have to be tech-savvy.

According to the dark web price index (yes, there is such a thing), hackers can be enlisted to take down a website for an hour, she says. That costs £15. Want it down for a week?

That’s £500.

Experts and planning

Reynolds stresses the value of enlisting cyber security experts to find ways to protect a fleet’s most vulnerable business processes. It’s about identifying tools the business can’t live a day or a week without. Then it’s a matter of establishing an emergency plan to be triggered if an attack occurs.

That might include a paper process to fall back on, even if it means the activities are less efficient than they would be in a digital context. Ensuring regular data backups will help. Insurance products are available to offset related losses, too.

The emergency plan also deserves to be tested, just like fire drills or the incident response plans triggered by things like collisions and spills. The National Motor Freight Traffic Association (NMFTA) offers an exercise that can be downloaded or facilitated. “How do we even disclose that we’re in trouble?” she asks, referring to one question that needs to be answered. “How do we contain it?”

Suppliers at work

Suppliers continue to find solutions of their own – actually encouraging cyberattacks in controlled settings.

Students participating in the Cybertruck Experience at Colorado State University found ways to tap into telematics devices and expose wifi passwords, illustrating why such data should not be stored in plain text. (They impersonated a truck’s electronic control unit using a simple open-source tool called a Beagle Bone.) Omnitracs participates in an array of similar initiatives, and supports the NMFTA’s cybersecurity heavy vehicle group, which brings competing telematics suppliers together twice a year. The business of cybersecurity never ends.

As for fleets that have questioned whether having a security leader or other cyber support is worth the investment?

“It might be time to re-evaluate that,” she says.