The very targeted attacks on Microsoft Exchange Servers at the beginning of 2021 were just the beginning of the problems that have stemmed from the multiple vulnerabilities being exposed. The Microsoft Threat Intelligence Center (MSTIC) attributed the zero-day exploits with high confidence to the Chinese nation-state hacking team HAFNIUM, whose motivation was likely espionage against US-based targets, but the ripple effects and wider impact are being felt by many businesses globally.
The zero-day exploits affect on-premises Exchange servers. They enable access to sensitive data held on the servers, and threat actors can also install web shells, which allow them to maintain backdoor remote access and, from there, move throughout an organisation's network.
Tech-savvy criminal threat actors also saw an opportunity and began to further target impacted organizations with new ransomware dubbed DearCry, a relative of the infamous WannaCry malware. Black Kingdom, another ransomware operation, also attempted to capitalise on the situation, and both appear to have impacted victims in the United States, Germany, Indonesia and elsewhere.
The disruption, and cost, associated with a ransomware attack is obviously of concern to freight and logistics companies that rely on IT systems to help take customer bookings and dispatch freight to the correct destinations.
So what does this mean for vehicle fleets?
Even though Microsoft responded swiftly to the exploits with tools to support businesses to patch against the threats, once a server is exploited, it’s not always simple to remediate. There could be seemingly legitimate business reasons why patches can’t be applied, yet freight has to keep moving.
Fleets of vehicles, including the road and network infrastructure that connected trucks use to transport goods, play critical roles in our daily lives. It is therefore essential that action is taken and a plan is in place to fix any exposure, whether to protect yourselves from being directly targeted, or from threats that are exploited elsewhere and inadvertently expose your business.
DOJ authorizes efforts to disrupt the exploits
The FBI has taken court-approved steps to copy and then remove web shells from compromised US-based servers - all without notifying the owners!
Whilst these efforts are noble, disrupting hacking activity and helping US businesses remain secure, the operation removed only the specific web shells it was looking for. So if a business was already being monitored or exploited, either before this or with different malware, those web shells will still be present.
The challenge remains for US businesses of all sizes to secure and maintain their cybersecurity. If you were impacted by the Microsoft Exchange vulnerabilities, it's recommended that, even if the FBI removed web shells from your servers, you still use the Microsoft tools to look for indicators of compromise (IOCs) on your network.
The costs of ransomware often stretch far beyond an extortion payment; other costs such as operational downtime, lost sales opportunities, disappointed customers, the expense of attack mitigation and recovery, reputational damage, penalties for unmet contractual obligations, and fines for non-compliance can make the cost of a ransom look trivial. A defensive cybersecurity strategy can pay dividends and help protect against the devastating impact of a cyber incident.
Being prepared is key!
Many organizations start by assessing their current cyberthreats and vulnerabilities. ShieldsUp can provide a Cyber Readiness assessment, which takes 15 minutes to complete. It will measure the existing risks to your fleet and critically highlight the vulnerabilities and remediation steps to be secure. And if the worst does happen, we offer a concierge service that steers you through best practice incident response.
Our services are specifically designed to help fleet vehicle organizations prepare for potential cyberattacks and offer expert support and resources when managing a cyber incident. Visit the website for more information: https://www.shieldsup.io/
Our team of fleet cyber experts are here for you in the event of an attack. We'll work with your business continuity team and your existing partners to remediate an incident.
In the event that you need support, you will have access to our extensive network of approved vendors to ensure you return to business as usual as quickly as possible.
ShieldsUp Cyber Readiness Assessment
Deep-dive Onboarding Call with a Cyber Expert
Bespoke Cyber Business Continuity Plan
24/7 Hotline
Incident response manager
Fleet-specific Incident Response Playbooks
Fleet-specific Vehicle, Hardware, & Software remediation services
Cyber forensics and remediation services
Legal support