The Metropolitan Transportation Authority (MTA) recently recently revealed that a hacking group with suspected ties to China intruded on the transit’s systems back in April. The cyberattack impacted three of the transit agency’s eighteen systems and as a precautionary measure, the MTA forced a password change for 3,700 users. While the attack was initiated through an IT vulnerability in Pulse Connect Secure, concerns were raised that hackers could have entered OT systems as well. Lives could have been put at risk.
As the cyberwar against critical infrastructure continues, MTA joins the list of key transportation players under attack as we had seen with the San Francisco Municipal Transportation Agency in 2016 or more recently at the Philadelphia’s Transit Authority. But the threat is real for any critical infrastructure. Only in the last weeks have we seen fuel prices surging after a disrupted Colonial Pipeline, JBS halting meat production leading to an FBI investigation, and an attack on Ireland’s health system leaving staff back to working with paper-based systems.
Ex-CISA head shares his perspective
As the former director of CISA, Chris Krebs shared a few interesting perspectives on the recent waves of cyberattacks we have experienced across the nation:
- On a macroeconomic level, it seems like we still have a long way to go to fully understand the systemic risks that underlie our economy. As we invest time and money fighting against cybercriminals, we don’t always know where to make the right investments.
- At a sector level, dealing with critical infrastructures like the Colonial Pipeline, JBS or MTA: decades of deregulation and consolidations have created an aggregated risk exposure. An added vulnerability is the fact that often aging infrastructure has now been connected, directly or indirectly, to the Internet.
- Looking at the individual company level: everyone needs to improve their security posture today, and equally important: improve their business disruption and recovery process.
We should expect more of these incidents to occur, with multiple bad actors attempting to blackmail or damage key players . And it’s not just ransomware that poses a risk: hackers with ongoing access and motivated to gain strategic advantage, can be a very interesting form of cyberespionage for malicious groups or governments.
If you are a corporate executive or state local government agency head: don’t believe you will be spared. Protection against cybercriminals and continuity plans are needed today. Any organisation must be able to track behavior, identify threats, and immediately take action to protect the safety and security of their operations.
The Armis platform is designed to provide organizations with visibility to every asset in their environment. In addition, Armis tracks the behavior of these assets, over 1B assets and devices daily, so security teams can see and understand anomalous behavior and take action to prevent further compromise. Our unique OT & ICS visibility and threat detection capabilities offer our users the ability to stay abreast of suspicious system behaviors, working across their ecosystem to limit and shut down any rogue assets, systems or applications.
If you want to know more about how we do this, simply request a live demo here. ISG named Armis the leader in OT security when it comes to such matters. Simply click here to get your copy of their report.
Sign up to receive the latest news