Trucking Fleets are Cyber Targets
WHY THIS MATTERS
Every trucking business is in a race to transport goods on time and in good condition.
What happens if the truck does not reach the finish line because of a cyberattack?
Opportunistic hackers are attracted to trucking fleets as ransomware targets because of the large financial transactions that they handle and their cyber vulnerabilities.
A single cyberattack can shut down one truck or your entire fleet, which makes the potential financial loss much higher than road safety or cargo theft losses.
TRUCKING FLEETS’ CYBER EXPOSURE IN 2020
Two significant risk factors are at play during 2020:
- Increased connectivity of trucking fleets – As the connectivity of trucking fleets grows, so do cybersecurity risks.
- COVID-19 pandemic fears – As employees cope with pandemic fears and concerns, they become distracted and more vulnerable.
Thus, the trucking industry has become more vulnerable, making it a top target of ransomware attacks in 2020.
Also, two things have changed in 2020:
- Average ransom payments – In the first quarter of this year, ransom payments averaged $111,605, up 33% from just the previous quarter.
- Data theft after the ransomware attack – More than a tenth of crypto-malware infections now involve some element of data theft.
RANSOMWARE ATTACKS ON TRUCKING COMPANIES ON THE RISE
Recently, ransomware gangs have attacked six Canadian supply chain firms, ultimately posting their data publicly.
Manitoulin Transport is the sixth Canadian supply chain company to see its data posted by ransomware groups in 2020.
In September 2020, hackers posted stolen data online from Manitoulin Transport, the 14th largest trucking company in Canada, with 745 trucks. Manitoulin Transport discovered the ransomware attack on July 31, 2020, after employees reported system access issues, but the stolen information was not leaked online until Friday, September 11, 2020.
Typically, hackers use ransomware attacks to breach companies’ systems, lock their data and files, and seek a ransom payment to unlock the data.
A recent trend involves an additional step – the threat to disclose the data online. This scenario has been dubbed double extortion, often carried out by the Maze ransomware criminal group.
Manitoulin Transport’s President, Jeff King, confirmed that hackers did not steal customer data or information in the attack and did not compromise any mission-critical systems. Thus, the company refused to pay the ransom and worked with cybersecurity experts to elevate its internal cybersecurity.
The company experienced two days of business disruption with no reports of cyber insurance coverage to cover some of the incident response costs, including the external cybersecurity experts or forensic investigators.
Since August 2020, hackers have attacked and leaked data from companies across Canada, including Axxess International, Beler Holdings, Fuel Transport, and Indian River Express.
TFI International's Canpar Express
A ransomware attack hit TFI International’s four Canadian courier divisions in August 2020, two days after the transportation and logistics company raised millions of dollars in a share offering.
TFI, Canada’s largest trucking and logistics company, reported that the attack impacted “some systems” of Canpar Express, ICS Courier, Loomis Express, and TForce Integrated Solutions (according to notices posted to the couriers’ websites).
“We continue to meet most customer shipping needs, and we are not aware of any misuse of client information,” the notices state. “Out of an abundance of caution, we want to make our clients aware of the incident, should you be experiencing any issues.”
TFI told its customers that they will meet customer shipping needs and that the attack is under investigation.
Ransomware attackers hit US trucking companies as well.
A family-owned trucking and recycling company, Tom Berkowitz Trucking Inc. of Whitinsville, Massachusetts, suffered a ransomware attack in April 2020.
The Maze ransomware gang carried out its classic data locking, followed by the release of company data on the clear web. Maze has locked down the company’s system since April 25, 2020. The investigation is ongoing.
Less-than-truckload (LTL) carrier A. Duie Pyle of West Chester, Pennsylvania, was a victim of a ransomware attack in June 2019.
The company’s systems engineers found that a Trojan virus was “dropped in” to its computer system on April 19, 2020, nearly two months before it triggered the ransomware attack that locked out users.
Within days of the ransomware attack, the company was back online with little disruption to its customer service network.
Duie Pyle refused to pay the ransom and had to rebuild all of its applications, including its document systems, to invoice customers.
Peter Latta, chief executive of A. Duie Pyle, said: “Customers continued to support us even when our service wasn’t quite spot on, but it was pretty close. We have fully climbed out of this.”
THE EXPANDING ATTACK SURFACE
Emerging Risks of Connectivity
Connectivity is positively impacting commercial truck fleet operations. Fleet owners have increased their reliance on connected trucks to improve their uptime, safety, fuel efficiency, and tracking, among other things. However, every connected technology — from telematics and remote diagnostics to in-cab software and onboard IoT devices like cameras — adds new cybersecurity vulnerabilities. Each of the technologies comes with an emerging risk, and the connectivity increases the cyber exposure exponentially.
How can fleet owners and operators control the cybersecurity risks while still embracing innovation?
Mark Murrell looked at this issue from the cybercriminal’s point of view in a recent article. Murrell considered (generally) how trucking companies have:
- A large amount of cash and credit, attractive to hackers.
- Minimal IT staff.
- Outdated equipment.
- Minimal employee security training.
- Centralized and local dispatch management systems on a local network.
- High cyber risk tolerance.
Murrell concludes that the cyber threat can largely be mitigated by education that results in a well-trained workforce.
Urban Jonson, chief technology officer at National Motor Freight Transportation Association (NMFTA), recently commented: “Complexity, homogeneity, and connectivity are among the top cyber threats facing connected fleets. Trucks have an increasing number of complex ECUs connected to each vehicle’s CAN bus network and telematics systems connected to the internet.”
Jonson explained there is a relatively high degree of homogeneity in the overall composition of individual fleets and across North American commercial vehicles as a whole. “Having large numbers of similarly configured vehicles increases the potential impact of a single attack,” he said.
Emerging Risks of Electronic Logging Devices
Research company Markets & Markets estimates the connected truck market to be worth $37.64 billion globally by 2022, doubling 2017’s estimated $18.6 billion market. Government mandates are among the top drivers, the company says.
One example of a government mandate is electronic logging devices or ELDs. The US Congress mandated the so-called ELD Rule intending to improve the safety of millions of drivers on the road and reduce crashes. The rule came into effect in December 2017, but fleet operators using legacy automatic onboard recording devices (AOBRDs) have until December 2019 to make the switch.
ELDs automatically keep track of the driver’s hours of service by connecting to the engine, and most ELDs use a cellular data network connection. While many ELD manufacturers have said it’s virtually impossible to hack the devices because they’re designed only to read data, security researchers have proven otherwise. Testing five different ELDs, cybersecurity company IOActive found vulnerabilities that could allow attackers to “pivot through the device and into the vehicle,” with disastrous consequences.
“There is still significant concern regarding the cybersecurity posture of ELDs and their providers,” Urban Jonson, CTO at NMFTA, says. “In-vehicle components have been found to lack in cybersecurity hygiene features such as secure boot, encrypted communications, and privilege separation.”
Additionally, he says other concerns include secure communications, authentication, and other basic security in cloud systems.
Jonson says fleet operators should view their own cybersecurity — and that of their suppliers — in the broader context of business continuity.
SUPPLY CHAIN VULNERABILITIES
A security breach that originates in the supply chain is just as impactful as one that originates in your company’s network.
Our recent article on Third-Party Risk discussed how your business needs to ensure that third parties, such as business partners, suppliers, and vendors, are maintaining adequate cybersecurity levels. If they are not cyber secure, then you are not cyber secure from hackers in search of weak links in the supply chain.
During COVID-19, you may be working with new or substitute suppliers. Have you vetted their cyber hygiene?
Businesses of all sizes are well-advised to conduct vendor risk management and consider investing in Stand-Alone Cyber Insurance as part of their holistic cyber risk management plan.
HOLISTIC CYBER RISK MANAGEMENT
Validate Cybersecurity Measures
Best practices require that you regularly validate your security measures, for example:
- Train staff regularly on spotting potential threats and malicious emails. Employee awareness goes a long way in reducing the hackers’ success rate regarding fraudulent, spoof, or phishing emails that lead to ransomware attacks, data breaches, or funds transfer fraud.
- Use multi-factor authentication (MFA) for remote access to Microsoft 365 products. Fraudulent emails often trick employees into entering their login credentials. Using MFA can prevent outside threat actors from gaining access, even if they have your password.
- Use 2-factor authentication (2FA) for wire transfers over a certain monetary threshold and international funds transfers (whether or not you conduct offshore trade). Threat actors often exploit times when key personnel are out of the office (e.g., on a long holiday weekend), which makes authentication more difficult. Setting up clear authentication protocols for large or foreign transfers with your bank can help prevent or recover fraudulent wire transfers.
- Enforce secure, unique passwords and regular changes, including on firewalls and routers. Do not allow the use of default passwords on IoT devices.
- Regular cybersecurity updates and patching on all IoT devices, BYOD ELDs, and installed ELDs should be part of your cyber due diligence.
- Regular backups of sensitive and critical data. In many ransomware events, computer systems can be wiped and restored with no ransom paid and minimal impact to operations.
- Enable remote system wiping on mobile devices and computers for when items are lost or stolen.
THE CYBER SOLUTION: STAND-ALONE CYBER INSURANCE
Your trucking company can survive disruption to your IoT devices and systems that impact your business operations with the help of Stand-Alone Cyber Insurance to protect your bottom line.
In addition to the support of a pre-established incident response plan and team, you will gain essential services and coverages:
- If you suffer a data breach, your business will need to stop the breach, conduct a forensic investigation, notify all those impacted, recover or restore your data, use public relations to maintain your brand, and possibly defend third-party liability claims or lawsuits for damages by injured parties.
- If you suffer a ransomware attack, you can obtain support in negotiating the ransom demand and be compensated for the ransom payment (made with the prior written consent of the insurer).
- If you experience business interruption from a cyberattack, you can be compensated for lost profits, and extra expenses such as payroll, during the downtime (after a brief waiting period).
- If you experience funds transfer fraud, you can obtain support in recouping some of the funds and compensation for the funds that are not recovered.
Stand-Alone Cyber Insurance is an integral part of your cyber risk management planning. You need not go it alone when looking to reduce the financial loss from a cyberattack.
- Cybersecurity measures are an essential part of your cyber risk management, but they are only as effective as the weakest link in your supply chain.
- If your cybersecurity measures fail to prevent a ransomware attack, you will benefit from having transferred any residual (i.e., unstoppable) cyber risk to a Stand-Alone Cyber Insurance Policy.
- An Incident Response Plan (developed in collaboration with your cyber insurance carrier) will provide you with a team of specialists to guide you through a cyber event response.
- Time is money when it comes to cyber risk protection. Please reach out to a specialized cyber insurance broker and cyber insurance carrier to ensure that you transfer your cyber risk to protect your bottom line.
Reach out to a specialist cyber broker, such as Cyber Armada Insurance, to request innovative and robust cyber solutions appropriate for your needs and cyber risk tolerance. We understand the evolving demands and expectations of cyber insurance clients.
Please watch for our next article on 3PL Logistics Cyber Risks.