Transportation


  • xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunnelling for C2

    November 9, 2020

    The xHunt campaign has been active since at least July 2018 and we have seen this group target Kuwait government and shipping and transportation organizations. Recently, we observed evidence that the threat actors compromised a Microsoft Exchange Server at an organization in Kuwait. We do not have visibility into how the actors gained access to ...

  • When Threat Actors Fly Under the Radar: Vatet, PyXie and Defray777

    November 6, 2020

    As security practitioners, Palo Alto Unit 42 researchers spend a lot of time focusing on the threat actors and malware families that leverage the most impactful exploits or affect the highest number of victims. But what happens when a threat actor goes “low and slow” to fly under the radar? One could argue that, in ...

  • Montreal’s STM public transport system hit by ransomware attack

    October 21, 2020

    Montreal’s Société de transport de Montréal (STM) public transport system was hit with a RansomExx ransomware attack that has impacted services and online systems. On October 19th, STM suffered an outage that affected its IT systems, website, and customer support. While these outages did not affect the operation of buses or metro systems, people with disabilities who ...

  • Fairfax County schools hit by Maze ransomware, student data leaked

    September 12, 2020

    Fairfax County Public Schools (FCPS), the 10th largest school division in the US, was recently hit by ransomware according to an official statement published on Friday evening. The school district is also the largest in the Baltimore-Washington Metropolitan Area and it has a budget of $3.1 billion approved for 2021. FCPS has over 188,000 current students and ...

  • Airline DMARC Policies Lag, Opening Flyers to Email Fraud

    August 19, 2020

    More than half of global airlines do not have DMARC policies in place, opening their customers up to email fraud attacks, a new report found. DMARC (Domain-based Message Authentication, Reporting & Conformance) is considered the industry standard for email authentication to prevent attackers from sending mails with counterfeit addresses. It does so by authenticating the sender’s ...

  • The Cybersecurity Blind Spots Of Connected Cars

    August 18, 2020

    Technology has accelerated the pace in which vehicles provide mobility and convenience. Nowadays, it’s common for connected cars to let their users have instant access to navigation and traffic data, play desired media content, and get up-to-the-minute weather and collision alerts, among other capabilities — thanks to connected technologies such as vehicle-to-everything (V2X) communication and ...

  • World’s largest cruise line operator Carnival hit by ransomware

    August 17, 2020

    Cruise line operator Carnival Corporation has disclosed that one of their brands suffered a ransomware attack over the past weekend. Carnival Corporation is the largest cruise operator in the world with over 150,000 employees and 13 million guests annually. The cruise line operates under the brands Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Princess Cruises, ...

  • CWT Travel Agency Faces $4.5M Ransom in Cyberattack, Report

    July 31, 2020

    CWT, a giant in the corporate travel agency world with a global clientele, may have faced payment of $4.5 million to unknown hackers in the wake of a ransomware attack. Independent malware hunter @JAMESWT tweeted on Thursday that a malware sample used against CWT (formerly known as Carlson Wagonlit Travel) had been uploaded to VirusTotal on ...

  • FBI warns of Netwalker ransomware targeting US government and organisations

    July 29, 2020

    The FBI has issued a security alert about Netwalker ransomware operators targeting U.S. and foreign government organizations, advising their victims not to pay the ransom and reporting incidents to their local FBI field offices. FBI’s flash alert also provides indicators of compromise associated with the Netwalker ransomware (also known as Mailto) and includes a list of ...

  • Maritime cyber attacks increase by 900% in three years

    July 29, 2020

    Cyber attacks on the maritime industry’s operational technology (OT) systems have increased by 900% over the last three years with the number of reported incidents set to reach record volumes by year end. Addressing port and terminal operators during an online forum last week, Robert Rizika, Naval Dome’s Boston-based Head of North American Operations, explained that ...

  • ISO/SAE 21434: Securing Tomorrow’s Connected Cars

    June 29, 2020

    The functions and usage of today’s automobiles are changing as connectivity drives the demand for more modern features, and the automotive industry has been continuously developing and releasing new features to meet this demand. Among a number of modern features, today’s cars feature systems that connect to other vehicles, mobile devices, traffic infrastructure, and cloud ...

  • Ripple20 vulnerabilities will haunt the IoT landscape for years to come

    June 16, 2020

    Cyber-security experts have revealed today 19 vulnerabilities in a small library designed in the 90s that has been widely used and integrated into countless of enterprise and consumer-grade products over the last 20+ years. The number if impacted products is estimated at “hundreds of millions” and includes products such as smart home devices, power grid equipment, ...

  • Honda investigates possible ransomware attack, networks impacted

    June 8, 2020

    Computer networks in Europe and Japan from car manufacturer giant Honda have been affected by issues that are reportedly related to a SNAKE Ransomware cyber-attack. Details are unclear at the moment but the company is currently investigating the cause of the problems that were detected on Monday. The company has confirmed to BleepingComputer that its IT network is not functioning ...

  • Amtrak discloses data breach, potential leak of customer account data

    June 2, 2020

    The National Railroad Passenger Corporation (Amtrak) has disclosed a data breach that may have resulted in the compromise of customer personally identifiable information (PII). The data breach was discovered on April 16, 2020. In a letter to the Attorney General’s Office of Vermont, made public on April 29, the rail service said that an unknown third party managed ...

  • Easyjet hacked: 9 million people’s data accessed plus 2,200 credit card details grabbed

    May 17, 2020

    Budget British airline Easyjet has been hacked, it has told the stock markets, admitting nine million people’s details were accessed and more than 2,000 customers’ credit card details stolen. Some information about the attack was released to the London Stock Exchange by the company, which claimed it had been targeted by “a highly sophisticated source”. Email addresses and “travel ...

  • Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments

    May 12, 2020

    Tropic Trooper, a threat actor group that targets government, military, healthcare, transportation, and high-tech industries in Taiwan, the Philippines, and Hong Kong, has been active since 2011. The group was reportedly using spear-phishing emails with weaponized attachments to exploit known vulnerabilities. Primarily motivated by information theft and espionage, the group has also been seen adopting different strategies such ...

  • Airplane Hack Exposes Weaknesses of Alert and Avoidance Systems

    May 4, 2020

    The aircraft safety system known as the Traffic Alert and Collision Avoidance System (TCAS) can be coerced into sending an airplane on a mid-air rollercoaster ride – much to the horror of those onboard. Researchers were able to cobble together an effective method for spoofing the TCAS using a $10 USB-based Digital Video Broadcasting dongle and ...

  • Many problems with cyber security of Schipihol’s border control: Court of Audit

    April 20, 2020

    Schiphol is very vulnerable to cyber attacks, the Court of Audit concluded after investigating the cyber security of the border control systems the Koninklijke Marechaussee uses at the airport. Two of the three systems are not properly protected against cyber attacks, NOS reports. Systems at Schiphol are hardly ever tested for how well they can stand ...

  • Prague Airport says thwarted several cyber attacks; hospitals also targeted

    April 18, 2020

    Prague Airport and a regional Czech hospital said on Saturday they had thwarted cyber attacks on their IT networks, reinforcing warnings by the national cyber security watchdog of likely attempts to harm the country’s infrastructure. “Attempted attacks on web pages of the airport were detected in preparatory phases,” the airport’s spokeswoman said in an emailed statement. ...

  • Ransomware Attack Hinders Toll Group Operations

    February 4, 2020

    Australian transportation and logistics giant Toll Group said a ransomware attack is to blame for several key services being debilitated and delivery operations being delayed over the past week. Toll Group, a subsidiary of Japan Post Holdings, is a freight and delivery service company operating across more than 1,200 locations in 50 countries. The company is ...