The Next Victims
Trucking fleets may be the next targets of ransomware
- By Moshe Shlisel
- Mar 01, 2020
Among the common types of cybersecurity attacks
perpetrated on enterprises, arguably none are as
sophisticated, effective or lucrative as ransomware
is today. Ransomware is a cyber attack in
which an actor takes control of an organization’s
internal systems and holds them “hostage” until a ransom is paid by
the victimized organization.
These attacks thrive on businesses with sensitive consumer
data or where the cost of halting operations would far exceed
the ransom price demanded by the bad actor, who is expected to
retreat and turn over an encryption key to the victim.
Based on current and forthcoming advancements in trucking,
such as fleet software and autonomous technology, these companies
and their insurance carriers are bracing to have a growing
bullseye on them with ransomware attacks moving forward.
Ransomware Continues To Target Supply Chain Businesses
Just last year, ransomware cost U.S. businesses $8 billion. This
amount may be shocking at first, but once the associated cleanup
costs are considered, lost revenue can be 100 to 200 times greater
than the ransom itself. Hence, it’s no surprise that 45 percent of
ransomware victims and/or insurance companies decide to pay
the ransom rather than restore the systems themselves.
Moreover, ransomware attacks skyrocketed in the first quarter
of 2019, according to the Beazley Breach Response (BBR) Services
team, which reported a 105 percent increase in the number
of ransomware attack notifications against clients compared to
Q1 2018. Additionally, the average price of ransoms in Q1 2019
increased by 89 percent as compared to Q4 2018.
According to the report, the healthcare sector was hardest hit by ransomware attacks, followed by financial institutions and
professional services industries.
Frighteningly, many of these studies are overlooking the
looming and existing danger posed to the automotive industry,
as ransomware attacks continue to proliferate and expand to new
sectors in 2019. Most recently, the public sector was hit with attacks
on the cities of Baltimore, MD, and Lake City, FL.
Beyond those threats, there has also been an increase in attacks
on supply chain businesses. For example, Norwegian manufacturer
Norsk Hydro was hit by a ransomware attack that affected
its production and IT systems. It was an opportune
target because of the sheer amount of money that can be lost when
just one part of a large and lucrative supply chain is held hostage.
It is expected that ransomware will only continue to grow, based on
insurers often succumbing to ransom demands and enabling what many
call the “extortion economy.”
Why Commercial Trucking Is At High Risk
Ransomware attackers are always looking for new areas of the
economy to exploit, and innovation in the commercial automotive
space is providing a lucrative opportunity. As trucks continue
to become more connected through multiple networks and automotive
computers, they open up a new and vulnerable attack
vector for malicious hackers to enter these systems.
The cyber-hijacking of a Jeep in 2015 proved cars can be
hacked, and the biggest reason that ransomware attacks are not
commonplace in the automotive industry yet is simply a lack of
monetization and scale, as well as an industry prerogative to keep
these new stories quiet.
Both advances in Fleet Management Systems (FMS) for commercial
trucking and the emerging practice of truck platooning
create numerous vulnerabilities that ransomware cybercriminals
can use to capitalize on these affluent trucking companies and the insurers
tasked with writing their policies. Imagine a trucking fleet of
perishable food products or expensive medicines is stopped by
a hacker en route to customers. Companies would be extremely
incentivized to quickly pay a ransom.
FMSs are the central computer – and the heart – of a commercial
trucking operation, enabling a series of highly important
and specific tasks in the management of any or all aspects relating
to a company’s fleets of vehicles. These specific tasks encompass
all operations from vehicle acquisition to disposal and coordination
between ports and drivers.
Software, depending on its capabilities, allows additional
functions such as recording driver and vehicle details, the tracking
of procurement costs, scheduling of maintenance and servicing
tasks, import of fuel transactions, and measuring of fleet performance
via reports and charts. Considering how central long
or short-haul trucking is to many businesses around the world,
losing visibility or control of the systems would be catastrophic
– even for a moment.
If hackers can penetrate just one vulnerable truck in the fleet,
they can access the entire system and shut everything down. Logistically,
that could result in millions of dollars of lost revenue
and put future business at risk, aside from the obvious driver
safety issues that could potentially arise.
Additionally, there are more dollars in question here. The
driver safety concern is also amplified considerably based on the
way the trucking industry is progressing. As buzz grows around
the future of autonomous trucking, it is not just the communication
and business operations that can be affected, but also the
trucks themselves.
While fully autonomous trucking fleets are years away, truck
platooning is just four to eight years off. One company leading
the charge is Peloton, which announced its “Level-4” autonomous
platooning system back in July 2019. In truck platooning,
one driver controls a small fleet of trucks directly behind them
through vehicle-to-vehicle (V2V) communication that mimics the
movements of the driver, which improves gas mileage through drafting
and reduces the number of drivers needed on staff.
As with any emerging technologies, there are kinks to be
worked out, including adjusting speeds and brake timing for differing
cargo weight. Cybersecurity that protects these trucking
fleets from attacks has become a necessity, not a luxury or “nice
to have,” and must be carefully considered before these technologies
become the new normal on the road.
Approaching Security of Connected Trucks
Vehicle security differs widely from enterprise security because
of the many moving systems involved. All modern vehicles contain
up to 150 electronic control units (ECUs), with commercial
vehicles typically housing at least 40 ECUs. In all cases, there is a
central ECU that in-vehicle and external communication passes
through for each vehicle functionality channel, such as keyless
entry, anti-vehicle theft systems, infotainment and telematics,
which are constantly transmitted back to the OEM.
The challenge with cyber protection for these ECUs is that
every time a new connected feature is added to the vehicle, it is
just another vulnerable access point for bad actors to enter the
system. Therefore, the appropriate approach is not to have cybersecurity
solutions block each attempt to penetrate the vehicle, but instead to
lock down and consolidate all in-vehicle communication so that only
a single type of approved communication can alter functionality.
Vehicles require this deterministic model of cybersecurity
because randomness of attacks cannot be tolerated when the object
is a fast-moving vehicle and lives are on the line.
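As an added illustration (not code from the article or from any vendor), the sketch below contrasts the deterministic allow-only model described above with blocking known attacks one by one, as a central gateway ECU might apply them. The bus names, message IDs and rules are constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bus segments joined by the central gateway ECU. */
enum bus { BUS_TELEMATICS, BUS_INFOTAINMENT, BUS_BODY, BUS_POWERTRAIN };

struct frame { enum bus src, dst; uint32_t id; uint8_t dlc; };

/* Constructed policy: message IDs are illustrative, not from a real vehicle. */
static const struct frame ALLOWLIST[] = {
    { BUS_POWERTRAIN, BUS_TELEMATICS, 0x0C1, 8 },  /* speed report to FMS */
    { BUS_BODY,       BUS_TELEMATICS, 0x2A0, 4 },  /* door status to FMS  */
    { BUS_TELEMATICS, BUS_BODY,       0x310, 2 },  /* remote lock request */
};
/* Reactive model for contrast: only IDs already catalogued as hostile. */
static const uint32_t KNOWN_BAD_IDS[] = { 0x123 };

/* Deterministic model: forward exact matches only, drop everything else. */
bool gateway_allow(const struct frame *f) {
    for (size_t i = 0; i < sizeof ALLOWLIST / sizeof ALLOWLIST[0]; i++) {
        const struct frame *r = &ALLOWLIST[i];
        if (f->src == r->src && f->dst == r->dst &&
            f->id == r->id && f->dlc == r->dlc)
            return true;
    }
    return false;  /* default deny */
}

bool blocklist_allow(const struct frame *f) {
    for (size_t i = 0; i < sizeof KNOWN_BAD_IDS / sizeof KNOWN_BAD_IDS[0]; i++)
        if (f->id == KNOWN_BAD_IDS[i])
            return false;
    return true;  /* anything not yet catalogued passes */
}

/* Constructed sample frames. */
const struct frame SAMPLE_APPROVED  = { BUS_TELEMATICS,   BUS_BODY,       0x310, 2 };
const struct frame SAMPLE_KNOWN_BAD = { BUS_INFOTAINMENT, BUS_POWERTRAIN, 0x123, 8 };
const struct frame SAMPLE_UNKNOWN   = { BUS_INFOTAINMENT, BUS_POWERTRAIN, 0x555, 8 };

int main(void) {
    const struct frame *s[] = { &SAMPLE_APPROVED, &SAMPLE_KNOWN_BAD, &SAMPLE_UNKNOWN };
    for (size_t i = 0; i < 3; i++)
        printf("id=0x%03X allowlist=%d blocklist=%d\n",
               (unsigned)s[i]->id, gateway_allow(s[i]), blocklist_allow(s[i]));
    return 0;
}
```

The third sample frame is the case that matters: the blocklist forwards it because it has never been seen before, while the allowlist drops it without needing to know anything about the attack.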
As all industries cope with the growth of the extortion economy
and the widespread proliferation of ransomware, it is important
that vehicle safety become a proactive conversation instead
of a reactive one. It is only a matter of time before we see vehicle
cyberattacks become mainstream, and the auto industry must establish
a safety standard for cybersecurity that
can adequately protect against bad actors who
want to control our vehicles and our lives by
extension.
This article originally appeared in the March 2020 issue of Security Today.