US Issues Cybersecurity Directive for Airlines and Railroads

Nearly all railroads and airlines in the United States have been ordered to report cybersecurity breaches to the federal government. 

Under the new Transportation Security Administration–issued mandate, rail operators, airport operators, and airline operators will be required to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency within 24 hours of detection.

All three types of operators will also have to designate a cybersecurity coordinator. The mandate applies to both passenger and freight railroads.

The mandates also require railroad operators to complete a vulnerability review to determine how susceptible they are to cyber-attacks. They must also create and implement a cybersecurity incident response plan.

The fresh security regulations were announced by senior officials at the US Department of Homeland Security (DHS) on Thursday and will come into force on the last day of this month. 

“Cybersecurity incidents affecting transportation are a growing, evolving and persistent threat,” Victoria Newhouse, TSA’s deputy assistant administrator, told the House Transportation Committee on Thursday. 

“Across US critical infrastructure, cyber threat actors have demonstrated their willingness and ability to conduct malicious cyber activities targeting critical infrastructure by exploiting the vulnerability of operational technology and information technology systems.”

Several cyber-attacks targeting the rail sector have been reported over the past twelve months. They include a ransomware strike on Toronto’s transit agency, a breach of New York’s Metropolitan Transportation Authority’s computer systems, and an attack on the Transportation Authority in Ann Arbor, Michigan. 

The new rules echo similar mandates directed at improving the security of America’s pipelines, which were issued by the Biden administration in the wake of the cyber-attack on Colonial Pipeline. 

“These new cybersecurity requirements and recommendations will help keep the traveling public safe and protect our critical infrastructure from evolving threats,” Department of Homeland Security Secretary Alejandro Mayorkas said.

“DHS will continue working with our partners across every level of government and in the private sector to increase the resilience of our critical infrastructure nationwide.”

The Wall Street Journal reports that the new mandates will affect roughly 90% of passenger rail systems in the US and 80% of freight railways.

Holiday Season Fraud Fear Higher this Year

A quarter of consumers are more worried about becoming a victim of e-commerce fraud this holiday season than they were during last year’s festive period, according to new research.

The finding was part of the new Digital Holiday Fraud in 2021 report on global e-commerce fraud trends that was published today by information and insights company TransUnion.

Analysis of global e-commerce transactions between Thanksgiving and Cyber Monday found that 7.46% were potentially fraudulent. In the United States, that figure was found to be substantially higher, at 19.66%.

Of the e-commerce transactions that occurred from January 1 to November 29 this year, 15.73% were potentially fraudulent. This figure increased by 25% during this year’s holiday shopping season.

Globally, the percentage of suspected fraudulent e-commerce transactions from November 25 to November 29 was roughly 4% higher than the same period last year, when the rate was 16.83%. 

In the United States, Saturday, November 27, was the day with the highest percentage of suspected digital fraud attempts so far this year, at 21.99%.

These findings were based on intelligence drawn from billions of transactions contained in TransUnion’s fraud analytics solution suite, TruValidate.

“The holiday shopping season is a popular time for bad actors to engage in fraudulent activity, particularly in the e-commerce and retail industry,” said Shai Cohen, senior vice president of global fraud solutions at TransUnion. 

“Online shopping is the new norm for the majority of consumers and that trend has been further accelerated due to the COVID-19 pandemic.”

TransUnion’s recent Consumer Holiday Shopping Report found that 15% of consumers cited a lack of site security as their top reason for abandoning a virtual shopping cart.

“Consumers want to shop with online retailers that not only provide a seamless user experience, but also take consumer security and privacy seriously,” said Cohen. 

“It is imperative that those businesses equip themselves with the proper tools to better assess the overall risk of a potential fraudulent transaction without inhibiting the consumer journey.”

The report found that a third of consumers (33%) are shopping for the holidays earlier this year in anticipation of supply-chain issues and gaps in inventory.

Phishing Scam Targets Military Families

Threat researchers at Lookout are helping to take down a phishing campaign that has been targeting members of the United States military and their families. 

The scammers behind the long-running campaign impersonate military support organizations and personnel to commit advance fee fraud, stealing sensitive personal and financial information for monetary gain.

“Based on our analysis, it’s clear that the threat actor is looking to steal sensitive data from victims such as their photo identification, bank account information, name, address and phone number,” wrote Lookout’s researchers in a blog post on the scam published today. 

“With this information, the actor could easily steal the victim’s identity, empty their bank account and impersonate the individual online.”

The campaign’s backbone is a series of websites that have been designed to appear as though they are affiliated with the military. To bring an added touch of authenticity to the sites, the operators add advertisements for Department of Defense services to their malicious content.

The sites offer expensive services that are never delivered, or trick users into thinking that they are in a romantic relationship with a member of the military. Fake services offered include care packages, leave applications, and communication permits.

Infrastructure indicators coupled with open-source intelligence point to Nigeria as the scammers’ operational base.

“The websites were primarily hosted by Nigerian providers that are offshore or ignore the Digital Millennium Copyright Act (DMCA),” wrote researchers.

“We were able to further confirm the operator’s location from a phone number one of the web developers accidentally left on the draft version of the site. The country code of the number is from Nigeria.”

So far, researchers have identified 50 military scam sites tied to this threat campaign, which further investigation showed was linked to other cyber-criminal activity.

“We were also able to link this group to numerous other scams advertising fake delivery services, crypto-currency trading, banks and even online pet sales,” wrote researchers.

The researchers at Lookout said that they are not the only individuals who are actively working to combat this particular campaign and expressed their thanks to everyone who is working to stop the scammers.

Cyber-attack on Planned Parenthood

A cyber-attack on Planned Parenthood Los Angeles (PPLA) has resulted in the exposure of patients’ personally identifying information (PII).

The agency said in a notice posted to its website on Wednesday that suspicious activity was detected on its computer network on October 17.

An investigation into the activity remains ongoing; however, it has been determined that an unauthorized person broke into PPLA’s system between October 9, 2021, and October 17, 2021. 

PPLA said that during the attack “malware/ransomware” was installed on its network and “some files” were exfiltrated from its systems.

A review of the compromised files found that patient data had been accessible to the threat actor. 

“On November 4, we identified files that contained certain patients’ names, and one or more of the following: dates of birth, addresses, insurance identification numbers, and clinical data, such as diagnosis, treatment, or prescription information,” wrote PPLA.

PPLA operates 21 health centers in the Southern California city. The Sacramento Bee reports that 400,000 PPLA patients were impacted by the attack. 

PPLA spokesperson John Erickson told the Washington Post that the cyber-attack appeared to be part of a ransomware extortion scheme, in which hackers encrypt files and demand a ransom for a decryption key.

No evidence has been found to suggest that any of the compromised information has been used for fraudulent purposes.

PPLA is notifying impacted patients by mail and encourages those affected by the incident to review statements from their healthcare providers and insurers for suspicious activity. 

“Ransomware continues to be a major issue for organizations around the world, especially now that data is stolen before being encrypted,” said Erich Kron, security awareness advocate at KnowBe4.

“This stolen data, and the threats by the ransomware gangs that perform the attacks to release it publicly, have contributed to the skyrocketing ransom amounts we are seeing.”

Kron added that the damage caused by this ransomware attack could be more than financial.

“In this case, very personal and private information related to very controversial procedures has been stolen, something that could directly impact the trust people have in the organization, especially if the data is released,” said Kron.