Pratum Blog


In an already unfavorable economic environment, state-sponsored and criminal cyberattacks made day-to-day operations difficult for businesses in 2022. Looking ahead to 2023, encryption technology company NordLocker named 7 cybersecurity threats and trends to watch in the coming year:

1. The rise of fileless malware. Because fileless malware does not require its victim to download any files, it is practically undetectable by most information security tools. Malware of this kind exploits vulnerabilities in previously installed and trusted (and usually well-known) software applications. Fileless malware requires significant skill to develop and carry out, but it attacks without introducing a foreign file into your system. It sneaks into legitimate operating system processes (especially Windows PowerShell) and works against you. That makes it extremely hard to detect through traditional antivirus software, which works by looking for known file signatures.

2. Targeting supply chains. The interconnected world of commerce has a critical vulnerability in the supply network that only becomes more exposed as the interconnectedness grows. By targeting companies that play critical roles in the activities of other businesses, such as raw materials suppliers or logistics firms, cybercriminals can grind an entire supply chain to a halt and apply mounting pressure to make victims meet their demands. We already see this trend in 2022, and these types of attacks are only ramping up. A data breach anywhere in a business’ supply chain can quickly cascade through other organizations, shutting down operations and creating significant costs. That means businesses must take an active interest not only in their own information security posture but in the security of companies they rely on throughout the supply chain.

3. Employees will be a weak link in corporate cybersecurity. The human element is a factor in more than 80% of cyberattacks. This means that companies must improve employee awareness and agency. When most people talk about developing an information security program, they are referring to the administrative, physical or technical controls used to protect information. The reality is that employees are the ones who design, implement and follow all the controls put in place to protect sensitive information. One misstep by an employee can spell disaster in terms of information security. And it often does. The good news is that by supplying effective information security training to end users, we can solve many security issues.

Rather than viewing your employees as a weak link to offset, enlist them as frontline defenders against cybersecurity threats. Use our Employee Security Awareness Training Planner to get started.

4. Ransomware will become more targeted. Usually, ransomware is spread randomly to numerous targets by phishing or other social engineering methods with the hopes that someone will click the link or supply their credentials. What criminals are developing now, however, is a much more selective, customized approach to social engineering. This means that it is more important than ever that you are actively watching for attacks. If a ransomware actor does get a toehold in your system, spotting it immediately lets you shut down the breach before things get out of hand. IBM reports that it takes 280 days to identify the average breach. You can do a lot better. The latest defense is a Managed Extended Detection and Response solution that constantly monitors activity, uses artificial intelligence to recognize multiple different acts as a brewing attack and actively steps in to shut down suspicious activity.

5. Cloud security will become increasingly important. Cloud storage and networking continue to grow. If you’re thinking only in terms of access to office-based computers and servers, you’re several years behind. The rapid switch in 2020 to working from home should cement our understanding that the dispersed workforce is here to stay. Your data probably lives largely in the cloud with access coming from dozens of personal devices and home networks. Your plan and training need to cover all of that.

6. The EU threatens interoperability laws, which may make encryption more challenging. In order to encourage greater interoperability between services and devices, the EU put forward a proposal that could weaken encryption laws in Europe, which could have negative effects on encryption worldwide. If it passes, the new law will require digital platforms to scan every single message or file sent through their services for suspicious content. Even if the law is approved, understanding email encryption and figuring out how to balance user security and interoperability is important. The dangers of not encrypting emails are numerous. Not only do you put your clients’ information at a higher risk of being leaked, but you also put your own business at risk. If a criminal were to access private information on your client or your company, they may try to use that information for extortion. They could also use details they find to try to access other areas of your company. With the right data, a threat actor can gain access to systems that are configured securely.

7. Reduced cybersecurity spending will expose vulnerabilities. In a recession, many companies and individuals are rethinking their budgets, and cybersecurity spending is often among the first to receive a cut. This presents an opportunity for criminals who will take advantage of the lowered barriers to entry. It is possible that budget-tightening alone could make 2023 one of the costliest and most destructive years for entities affected by cybersecurity incidents, which means that companies should not avoid spending, but instead should be seeking ways to make spending more effective. By keeping it simple, communicating with numbers, getting to the point quickly, using visuals and not making assumptions, the trusted security expert at a company will make cleaner, more persuasive, more efficient advocacy for risk mitigation and network visibility and defense.

Pratum’s approach to cybersecurity threats is one that is based on risk, not fear. If you are looking for a trusted cybersecurity partner who can maximize your opportunity to extend your security to meet the demands of 2023, contact us today.

Avoiding The “Cyber-Highwayman”


As technology in the transportation and logistics sectors grows increasingly interconnected, the risk of cyberattacks rises. Transportation companies are being forced to find new ways to defend against ever-evolving threats.

On the morning of September 1, 2022, dozens of fleet taxis converged on one of the busiest streets in Moscow, halting traffic. Yandex Taxi suffered a successful attempt by hackers to disrupt their transportation system by ordering a hundred vehicles to a single pick-up point. With the advent of new transportation technology comes a host of new vulnerabilities. In the past ten years, cyberattacks have increased exponentially, with a staggering increase in numbers. Since 2010, cyberattacks on both individual vehicles and fleets have increased by 344%. Attacks like these can compromise, cripple, or even destroy a fleet business. Transportation companies must evolve their traditional loss-prevention concepts and develop a comprehensive approach toward a company-wide cybersecurity mindset.

Attacks on the Road: Then and Now

Before the combustion engine, a bad actor who robbed people on the road was referred to as a “highwayman.” But as technology has evolved, so have criminals. Years ago, a criminal had to break a window or door and then hot-wire the ignition to steal a truck and its accompanying cargo. Nowadays, once thieves hack into the vehicle’s interface or access one of its mobile apps, there is nothing stopping them from simultaneously unlocking the doors and remotely starting the vehicle. Technology can be used to remove all physical barriers to access. That’s only part of the problem. Theft, which used to be the primary outcome stemming from a truck trespasser, is now not even the worst thing that can happen. Although outright vehicle theft is an obvious risk that can be mitigated with good cybersecurity, modern trucks hold information that is even more valuable than the cost of the truck or its cargo. They store enormous amounts of proprietary business data.

Fleets are first at risk of having intellectual property and business information stolen, which can then be used to commit broader crimes against the company or others. An individual who hacks into a vehicle can gain access to specifications, maintenance records, operational data, route information, and even personal information. The cyber-highwayman can discover a vehicle’s travel history, the home address of the driver, inventory and routes, and vulnerabilities in both the physical and digital network. Once inside the network, the attacker will find a target-rich environment.

Vehicles don’t need to move an inch for ransomware to create massive problems for a trucking business. A delivery fleet hacked during the Christmas rush doesn’t need to be physically commandeered to disrupt the holidays. A hacker who can disable the locks can either hold packages hostage or make those packages accessible to looters. The scale of the threat is huge and limited only by the imagination and skill of the cyber-highwayman performing the attack. Fleets are highly tempting targets, and due to the complexity of physical and digital security, potentially have numerous vulnerabilities.

Anatomy of a Truck-level Breach

Enemy nations can attack supply chains at the transportation level, but there is also incentive for criminals, both foreign and domestic, to take advantage of transportation network vulnerabilities.

While hackers may begin an attack with a specific goal, the more likely attack is one which seeks the first, fastest or easiest opportunity available once a system has been breached. In most cases, they are simply looking for easy money. Bad actors are flexible: even if they had an original goal, once they have hacked into a system, they can easily pivot to richer or more available targets. That makes it harder to defend against their attacks.

There are many actions hackers can take at this point, and they are not limited to outright truck or cargo theft. The odometer mileage can be rolled back when making warranty claims, or rolled forward for making individual mileage claim reimbursements, for example. A lessee could roll back the odometer and not pay for the miles they drove/leased. You could even disable exhaust after-treatment systems, avoiding diesel exhaust additive costs, for example.

Managing the Complexities of a Fleet

At the Fleet Data Management & Cybersecurity Conference hosted by the American Trucking Associations’ Technology & Maintenance Council, Mark Zachos, regional chairman at SAE International, said, “What I don’t think that we pay enough attention to, frankly, is that data, equipment, the laptops, the interface device, the maintenance tools, maintenance equipment, that too needs to have security and privacy provisioned into it.” Zachos mentioned that location and performance data of vehicles is tracked remotely, but that is just the beginning of a fleet’s security vulnerability. Competitors or other spies can gather intelligence, but more than that, they can also potentially compromise trucks.

“Maybe they de-rate the engine,” Zachos said, “Maybe they drain the DEF or all the sensors. Maybe they turn the seat heater up so the driver doesn’t want to sit there anymore. And finally, the safety issues like disabling the brakes.”

Hackers can target telematics systems and application servers or take advantage of mobile apps. The hacker pretends to be someone else and pairs the hacked-in app with a vehicle they do not own.

The threat is evolving constantly.

Taking Advantage of the Human Factor

Vehicle security should be approached by vehicle operators as if it is a new computer network. Yes, it will have robust cybersecurity systems built in, but as with all security technology, the most crucial element is a well-trained human with a cybersecurity mindset. Truck operators should be trained in and understand their company’s cybersecurity approach starting on Day One. Just as cyber-aware individuals will buy software and commit to practices that go beyond the technology built into their new personal device, cyber-aware transportation employees will be active contributors to the security of vehicles and the supply chain overall. No matter how good the built-in proprietary cybersecurity system is for a truck, or an entire fleet, extra protection and participation is critical.

Dan Murray, senior vice president of the American Transportation Research Institute, makes it clear that, whether modern technology is promising autonomous vehicles or other AI features, the human operator will continue to be the main actor. “When you get to Level 4, even potentially 5, the driver is still going to be king.” The same applies to cybersecurity. The driver must be equipped with the right technology, but that must be accompanied by the correct training and an understanding of the company’s robust approach to cybersecurity.

So, it isn’t just about technological defenses, it is also about training drivers to better understand their own trucking tech in order to be cybersecure.

Securing the supply chain against bad actors and technological failure requires complex, strategic planning but the first line of defense can – and should – be developed at the operator level. Transportation companies need a trusted advisor who has the experience, expertise and ability to help the fleet manage risk end-to-end.

For transportation cybersecurity planning and execution, contact the experts at Pratum today.

BEC attacks use sophisticated techniques that can trick all but the most attentive email users. Attackers typically impersonate a legitimate contact asking for a transfer of funds. But when victims send the money, it lands in a bank account controlled by the bad guys. The hackers quickly convert the money to cryptocurrency or shift it into other untraceable channels. It may be days before you even know you sent the money to an imposter.

Here are the key stages of business email compromise:

Stage One: ID Target

Highly organized hackers use LinkedIn, company websites and other resources to identify executives, accounting employees and others who could be high-value targets. Social media lets them craft highly personal attacks using names of acquaintances, actual travel plans, etc.

Stage Two: Grooming Target

With their target selected, hackers begin using spearphishing emails, phone calls and other approaches to get targets to unwittingly give up their login credentials.

Stage Three: Transfer of Information

Hackers spring the trap by inserting themselves into an email thread and asking for a transfer of funds while posing as a legitimate contact.

Red Flags of Business Email Compromise:

  • Spoofed address. Look carefully at the actual domain name, not just the sender's display name. This spoofed domain has an extra character in the company name.
  • Malicious link. This link actually leads to a credential harvesting site. Hover your mouse pointer over the link before clicking it to confirm that it's going to the expected address.
  • Real data used to fool you. Because hackers may be monitoring your email, they may jump into a legitimate thread. In this case, the first message in the sequence came from a real vendor talking about a real invoice. The hackers have inserted themselves and taken over the discussion, cutting the real vendor out of the thread.
  • Timing. This is a fake email from the scammer, who sent the request late in the week, hoping to catch an employee rushing to complete tasks before leaving.
  • Suspicious attachments. If you're not expecting an attachment, don't open it. Call the sender to confirm it's a legitimate file.
  • Sudden change in normal procedure and/or urgency. Be extremely wary of changes in deadlines, bank accounts, etc. Call your contact to confirm what's happening.
  • Unusual name usage. Hackers posing as legitimate contacts often fumble the details of names, so pay attention to any discrepancies such as someone who normally goes by "Michael" signing a message as "Mike."
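
The first two red flags can be checked automatically at the mail gateway or in a triage script. The following is an added example, not part of the original post: it flags a sender domain that is one or two characters away from a known vendor domain, and a link whose visible text names a different host than its real destination. The vendor list, the distance threshold and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"northwind-freight.example"}  # assumption: your known vendor domains
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URLISH_RE = re.compile(r'^(https?://)?[\w-]+(\.[\w-]+)+', re.I)

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def red_flags(raw_message):
    msg = message_from_string(raw_message)
    flags = []
    # Use the real address, not the display name the mail client shows.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if edit_distance(domain, trusted) <= 2:  # assumed threshold
                flags.append(f"lookalike sender domain: {domain} (resembles {trusted})")
    body = msg.get_payload()
    for href, text in LINK_RE.findall(body if isinstance(body, str) else ""):
        text = re.sub(r"<[^>]+>", "", text).strip()
        # Only compare when the visible text itself claims to be an address.
        if URLISH_RE.match(text) and host_of(text) != host_of(href):
            flags.append(f"link text shows {host_of(text)} but goes to {host_of(href)}")
    return flags

# Constructed sample message: one extra "d" in the sender's domain.
SAMPLE = """\
From: "Northwind Freight Billing" <billing@northwindd-freight.example>
Subject: RE: Invoice 1042
Content-Type: text/html

<p>Please confirm the updated bank details here:
<a href="https://login.invoice-check.example/auth">https://portal.northwind-freight.example/invoice</a></p>
"""

if __name__ == "__main__":
    print("\n".join(red_flags(SAMPLE)))
```

A message that trips either check still needs the human step the list describes: call the contact on a known number before acting on it.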

Stage Four: Wire Transfer

Victims fall for the fraud by sending funds to a bank account that's actually operated by the criminals.

Teach your team to understand how to spot business email compromise and prevent potential attacks. To learn more about Pratum's security consulting services, contact us today.
