Staff Reporter
Social Engineering Cyberattacks on the Rise
[Stay on top of transportation news: Get TTNews in your inbox.]
WASHINGTON — More government transportation offices are experiencing social engineering cyberattacks by would-be intruders trying to psychologically manipulate employees and contractors into giving away confidential information.
Several speakers at the Transportation Research Board Annual Meeting on Jan. 8 disclosed recent examples of these sophisticated cyberattacks during a panel discussion called “Cyber Resilient Transportation: An Executive Look at the Data and Tools Necessary to Prepare the National Transportation System.”
The “all-too-human fallibilities and vulnerabilities” of the Port Authority of New York and New Jersey’s employees and contractors are being targeted for exploitation by cybercriminals, noted Josh DeFlorio, the port authority’s chief of resilience and sustainability.
“We’ve been subject to malware, ransomware attacks and distributed denial-of-service attacks, but increasingly, and perhaps most disturbingly, we’ve been the subject of significant social engineering attacks as well,” DeFlorio said.
In social engineering attacks, cybercriminals use their social skills to try interacting with personnel in a targeted organization to obtain information or gain access into its computer systems.
Jennifer DeBruhl, director of the Virginia Department of Rail and Public Transportation, described a successful cyberattack a few years ago that brought down a state system for six months, forcing employees to return to paper processes to get vital work completed.
DeBruhl
“Just last week we had another attempted attack that was made to look like me contacting my staff looking for information, which was very creative. My team has learned a lot through this experience,” DeBruhl said.
Cordell Schachter, chief information officer at the U.S. Department of Transportation, shared that he had even received a fake email using his name in a cyberattack emailed to himself.
He offered several tips to avoid successful cyber intrusions such as requiring multifactor authentications and separating systems within an IT network so a single password cannot grant access to many systems.
What You Can Do
- Designate a cybersecurity point of contact within an organization
- Create a cybersecurity incident response plan (what you’re going to do and what your backup plans are if an incident happens)
- Develop a cyber incident reporting plan
Source: U.S. Department of Transportation
“If you think you’ve been attacked, you should know in advance who to contact, that it needs to be the FBI or CISA [Cybersecurity & Infrastructure Security Agency] and what those phone numbers are. Everyone should be completing a cybersecurity self-assessment to help each of us understand our current exposures and inform our plans to remedy them,” Schachter said.
The most important prevention advice for the surface transportation industry is to replace manufacturers’ default passwords immediately, he urged.
USDOT is combating social engineering cyberattacks, such as phishing ploys to gain information, by giving employees monthly phishing tests.
“We have driven our [employees’] click rate down from 20% to 4% by the tests and by looking at the results of our phishing tests to see who our frequent fliers are,” he said. “If you fail the phishing test, you get training on the spot explaining what it is you did. Now people are hesitant to click, and that’s what we want.”
Another successful technique has been DOT’s placement of red banners atop internal emails. This visual measure ensures everyone knows immediately if an incoming email, even disguised as a fellow employee, is a fake if it lacks the red banner.
“Basic cyber hygiene can have immediate effect,” Schachter added.
DOT also has added cybersecurity to its strategic plan.
In addition, DOT shares with the Department of Homeland Security in the federal government’s risk management of CISA’s Transportation Systems Sector to safeguard the nation’s transportation system. The national transportation network is divided into these areas: highway and motor carriers, the maritime transportation system, aviation, mass transit/passenger rail, pipeline systems, freight rail, and postal/shipping. CISA has online materials to help foil cyberattacks.
Want more news? Listen to today's daily briefing below or go here for more info: