Inventory: Top 10 cybersecurity incidents in the global transportation industry
With the development of Internet information technology, the transportation industry, spanning sea, land and air, has gradually begun its digital transformation. The interconnectedness of systems and the reliance on technology have created new risks: the shipping industry has become a key target of ransomware attacks, and the civil aviation industry faces the security risk of data breaches. The transportation industry is closely tied to people’s lives. When a cyber attack occurs, it affects passengers’ travel plans and increases time costs;
“Security Internal Reference” has sorted through the transportation-industry network security incidents it has tracked and selected ten representative incidents from the past three years, as a reference to help relevant departments and units prevent problems before they occur.
French shipping giant hit by ransomware attack, global freight container booking system forced to go offline
In September 2020, CMA CGM (France), the 4th largest containership and supply vessel operator in the world, was hit by a Ragnar Locker ransomware attack. The company’s branches in Shanghai, Shenzhen and Guangzhou were affected, and its global freight container booking system was taken offline. Ken Munro, a UK-based cybersecurity researcher, said it was not usually the ships themselves that were affected in major security incidents. Malware occasionally targets IT networks inside ships, but the seriously harmful activity is still attacks on shore-based systems such as offices, business halls and even data centers. Previous major security incidents in the shipping sector include:
In April 2020, MSC (Switzerland/Italy), the second largest shipping company in the world, suffered an unknown malware attack that paralyzed its data center for several days;
In July 2018, COSCO Group (China), the world’s third largest shipping company, suffered a ransomware attack that disrupted business for several weeks;
In June 2017, Maersk (Denmark), the world’s largest shipping company, was attacked by the NotPetya ransomware, causing losses of up to 2 billion yuan.
World’s largest cruise operator Carnival Corporation hit by ransomware attack
In August 2020, Carnival Corporation, the world’s largest cruise operator, suffered a ransomware attack. The company said the attackers “accessed and encrypted part of the company’s information technology systems, and downloaded files from the company’s network.” Based on an initial assessment of the incident, Carnival said the attackers were able to access the personal data of certain customers and employees, but it did not expect the incident to have a significant impact on its “business, operations or financial performance.” However, Carnival did not disclose any details about the incident itself. In March 2020, Carnival Corporation disclosed a cyberattack in which the intruders accessed its internal network between April 2019 and June 2019 and stole personal information of some guests.
EasyJet hit by cyberattack, data of 9 million customers leaked
In May 2020, easyJet announced that the company had suffered a cyber attack that led to the breach of nearly 9 million customers’ personal information, including the credit card details of 2,208 customers, as well as financial information, email addresses and journey information. The easyJet data breach occurred in January, but it wasn’t until four months later that all affected customers were notified of the breach. The law firm PGMBM has filed a class action in the High Court of London on behalf of the affected clients, and easyJet faces a potential liability of £18 billion (approximately 158.6 billion yuan), or a maximum of £2000 in compensation for each affected customer.
Tens of millions of Thai Lion Air passenger records leaked and exchanged on underground forums
In September 2019, it was revealed that tens of millions of records of customers of two airlines under Thai Lion Air had been circulating on a data exchange forum for more than a month. These records exist in two databases, one containing 21 million records and the other containing 14 million records, located in a directory. The leaked details included traveler and booking IDs, physical addresses, phone numbers, email addresses, names, dates of birth, passport numbers and passport expiry dates, among others. Lion Air and its subsidiaries have not yet issued an announcement about the data breach. It’s unclear when the data breach began, but there is evidence that the data has been compromised since at least August.
Meanwhile, Malaysian-Indonesian low-cost airline Malindo Air also confirmed that data on millions of passengers was uploaded and stored on the open Amazon Cloud Computing Service (AWS). The leaked information included passenger names, addresses, emails, dates of birth, phone numbers, passport numbers and expiration dates.
DMVs in multiple U.S. states sell personal information to private investigators, earning more than 10 million yuan each year
In September 2019, according to foreign media reports, the Departments of Motor Vehicles (DMV), the vehicle authorities in many U.S. states, have been selling large amounts of drivers’ personal information to businesses, including private investigation companies, insurance companies and towing companies. Some states make tens of millions of dollars a year from the sale of personal information. The types of personal information sold by DMVs vary, but often include citizens’ names and addresses, and in some cases their ZIP code, date of birth, phone number and email address. The sale of this data to licensed private investigators is entirely legal under the Drivers’ Privacy Protection Act of 1994. But DMVs in multiple states have also acknowledged that many customers have in the past used this personal information in ways the DMVs had not authorized, so abuse exists.
Ransomware disrupts aviation information display systems at UK airports
In September 2018, Bristol Airport in the United Kingdom was subjected to a ransomware attack. The airport’s flight information display system was disrupted, forcing airport personnel to work with whiteboards and markers. The flight information displays at the airport subsequently resumed service. The airport did not believe the attack was targeted; out of an abundance of caution, flight information displays and other application services were taken offline when the malware entered some management systems. The airport did not pay any ransom, and airport personnel said the incident did not affect or put at risk any safety or security systems.
European rail system hacked, passenger data leaked
In May 2018, travel website Rail Europe notified customers that hackers had broken into the company’s flight booking website and may have stolen a large amount of sensitive data. Rail Europe North America Ltd. (RENA) said the hacking incident may have exposed customers’ personal information, including name, gender, delivery address, invoicing address, phone number, email address, credit/debit card number, and payment card expiration date and verification value. In addition, the usernames and passwords of some registered users may also have been exposed. The company said it “immediately cut off all compromised servers from the Internet” after discovering that customers’ personal information may have been compromised, and finally determined that the breach occurred in November 2017.
Middle East ride-hailing giant Careem hacked, 14 million passenger information stolen
In April 2018, Dubai-based ride-hailing company Careem revealed to the media that the company had suffered a cyber attack that caused a data breach. The hackers stole data including users’ names, email addresses, mobile numbers and trip data; all users who signed up for Careem before January 14 this year were affected. According to Careem, there is no indication that the hackers had access to users’ passwords and credit card numbers. The users involved in the data breach include 558,000 drivers and 14 million passengers. However, the company said it has not seen any misuse or fraudulent use of the data.
Cathay Pacific fined HK$5 million for leaking 9.4 million passenger data
In March 2018, the personal data of 9.4 million passengers of Cathay Pacific, a large international airline, was stolen, including names, passport and identity information, dates of birth, email addresses, phone numbers and historical travel information. In a statement issued in October of the same year, Cathay Pacific stated that the cyberattack would not have an impact on its flight safety and that the company had not found any misuse of passenger information. In March 2020, Cathay Pacific was fined £500,000 (approximately 4.5 million yuan) by the UK Information Commissioner’s Office (ICO) for the data breach. According to the ICO, because Cathay Pacific has a branch in the UK and provides flight services there, it directly processes the relevant data, so the ICO has the right to investigate in accordance with the relevant laws.
Colorado Department of Transportation Hit by Ransomware Attack, Forced to Shut Down 2,000 Computers
In February 2018, according to foreign media reports, the Colorado Department of Transportation (DOT) suffered a cyber attack: hackers infected DOT computer systems with the SamSam ransomware and demanded a Bitcoin ransom in exchange for recovering the data. The DOT said it had taken remedial measures, not by paying the ransom but by shutting down more than 2,000 employee computers. Researchers describe how SamSam is deployed: attackers brute force RDP connections to gain access to the company’s internal network, infect the target systems, and then use the SamSam ransomware to encrypt files.
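A defender's view of the RDP brute-force entry described above, as an added example that is not part of the original article: it flags a source address that produces a burst of failed RDP logons, and raises a second alert if a successful logon follows. The event records are constructed, and the threshold and window values are assumptions to tune per environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security event IDs: 4625 = failed logon, 4624 = successful logon.
FAILED, SUCCESS = 4625, 4624
# Logon type 10 is RemoteInteractive (RDP); with Network Level Authentication
# a failed RDP attempt is usually recorded as type 3 (Network).
RDP_LOGON_TYPES = {3, 10}

def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return alerts for failure bursts and for a success that follows one.

    events: iterable of (timestamp, event_id, logon_type, source_ip, account).
    threshold and window are assumed defaults, to be tuned per environment.
    """
    recent_failures = defaultdict(deque)  # source_ip -> failure timestamps
    alerts = []
    for ts, event_id, logon_type, src, account in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        recent = recent_failures[src]
        while recent and ts - recent[0] > window:  # expire old failures
            recent.popleft()
        if event_id == FAILED:
            recent.append(ts)
            if len(recent) == threshold:  # alert when the count reaches it
                alerts.append(("bruteforce", src, account, ts))
        elif event_id == SUCCESS and len(recent) >= threshold:
            # Highest priority: the guessing may have found a valid password.
            alerts.append(("success_after_bruteforce", src, account, ts))
            recent.clear()
    return alerts

def sample_events():
    """Constructed records (not from a real incident); IPs are documentation ranges."""
    t0 = datetime(2024, 1, 1, 3, 0, 0)
    at = lambda s: t0 + timedelta(seconds=s)
    events = [(at(10 * i), FAILED, 3, "203.0.113.7", "administrator") for i in range(6)]
    events.append((at(60), SUCCESS, 10, "203.0.113.7", "administrator"))
    # A normal user who mistypes once and then logs in: must not alert.
    events += [(at(5), FAILED, 3, "198.51.100.20", "jsmith"),
               (at(20), SUCCESS, 10, "198.51.100.20", "jsmith")]
    # A console logon failure (type 2) is not RDP and is ignored.
    events.append((at(30), FAILED, 2, "-", "operator"))
    return events

if __name__ == "__main__":
    for alert in find_rdp_bruteforce(sample_events()):
        print(alert)
```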
The cases above show that maritime shipping, civil aviation, and the online car-hailing platforms that have emerged in recent years all face cybersecurity risks such as ransomware attacks and data leakage. At present, the transportation industry mainly faces three challenges: first, the platforms’ internal network security management mechanisms are imperfect; second, staff training in network security awareness is inadequate; third, the risk management and control process for relevant suppliers is unclear. Departments can therefore address these problems by using the “endogenous safety” framework, strengthening training in the safety responsibility awareness of relevant personnel, and enhancing safety risk management and control.