6 nov 23

Ransomware is on the rise again, causing shattering damage to fleets

Ransomware is scary for many reasons. You don't see it coming, and even if you think you're prepared, it can breach your network from an internal vulnerability or through the software and hardware provided by OEMs and third-party suppliers. When it comes to the automotive and fleet industry, the attacks publicly announced are just the tip of the iceberg, according to Shira Sarid-Hausirer, Vice President of Marketing at Upstream Security. 

Many fleet management companies and fleets have become the victims of ransomware attacks in recent months, facing substantial financial losses while trying to recover from the attacks, which may take up to a month. 

"We've had an almost 400% increase in the last six years in the number of incidents", says Sarid-Hausirer. "We're getting close to about 300 incidents that are publicly reported every year. But the actual amount is much higher, including at least another zero at the end."

Thankfully, regulations such as WP29/R155, which requires OEMs to provide an automotive cybersecurity system, have drawn more attention to the issue. With both cybercrime incidents and the regulations to counter them on the rise, OEMs are spearheading the effort to detect and mitigate attacks as soon as possible. But things are much more interesting from a fleet perspective, says Sarid-Hausirer.

Two core elements for fleets

Recently, the industry faced attacks mainly targeting truck fleets. Yet, from ride-hailing services to parcel delivery and school buses, any vehicle can become a part of a fleet, bringing risks and vulnerabilities. When you look at the periphery, that is, how a particular type of vehicle operates, the cybersecurity risks become the concern of the fleet.

Additionally, fleet management systems (FMS) that manage operational efficiency must comply with regulations, such as logging how many hours each driver is on the road. While a fleet aims to set the best route for drivers, monitor their movements and check the status of fuel or energy usage, the effort to maximise efficiency through digital systems may provide an open door through two elements, says Sarid-Hausirer. 

One is the possibility of cyber criminals compromising these systems and immobilising the vehicle. For instance, if the driver of a garbage truck can't use the iPad to show the destinations to pick up trash, the truck is stuck and can't go anywhere. 

The second and most significant element is the operational disruption that cyber-attacks can cause. "If a truck carrying wheat or milk stops moving on the road, we have a macroeconomical problem. The same goes for trucks that transport gas or any other commodity that is critical for business functionalities." 

New target: Operational technologies

Eventually, FMSs produce a vast amount of data. And if cyber criminals spotted a Brink's truck (a global provider of cash and valuables management) while it's parked, it wouldn't be good, says Sarid-Hausirer. "When the privacy of a fleet is compromised, the business amplifications can be tremendous." 

In March, the European Union Agency for Cybersecurity (ENISA) warned about the increasing risks of ransomware attacks. In the following months, several fleet management companies and fleets came under attack, causing temporary shutdowns and substantial financial losses.

Attacks targeting information technologies (IT) have been around for decades, and now cyber threats are increasingly affecting operational technologies (OT), which execute functions in the physical space, says Sarid-Hausirer. The advanced operational systems brought about by the digital transformation of the last decade have made OT a prime target for all kinds of threat actors, and 99% of it is for only one reason: "The most important incentive for an individual or a group to engage in malicious cyber security activities is money. They're not necessarily here to hurt me or you or anyone else."

Shira Sarid-Hausirer, Vice President of Marketing at Upstream Security, courtesy of Upstream Security.

Fleets from a ransomware perspective

Attacks recently investigated by Upstream provide crucial examples. Cybercriminals target the FMS and the iPads drivers use to log their hours. Without fleet management and logging systems, operations get paralysed. The damage can be millions per day in these scenarios, says Sarid-Hausirer.

"When you ransomware a hospital, maybe there are five MRI machines, and now they don't work. When you ransomware a fleet, you can potentially take hundreds, if not thousands, of MRI machines. For instance, trucks cost almost as much as an MRI machine, sometimes even more, and you put them at a halt. Realistically, a fleet is far more valuable or essentially dangerous from an economic perspective than a hospital. And while a hospital's functionality is critical for society, attacks on the transportation industry have serious implications too."

Disrupting operations, breaching sensitive data and safety: ransomware has all kinds of threats in its arsenal. Furthermore, cybercriminals are highly professional and leave almost no traces, says Sarid-Hausirer. "It has gone far beyond just hacking the heated seats in vehicles."

A concern for public safety

The maturity of the cyber criminals and the risk they pose are too high. At the end of September, KNP Logistics laid off 730 employees due to a ransomware attack. KNP, one of the UK’s largest privately owned logistics groups, blamed ransomware attacks for shutting down the entire company. At the beginning of October, Estes Express, the US-based freight transportation provider, came under attack.

"Every movement completely changes the financial equilibrium these companies require and their stability. The whole industry is vulnerable", says Sarid-Hausirer. It was predicted in March by ENISA, and in 2017, Elon Musk, Tesla CEO, said, "What if someone hacks a fleet and sends all the vehicles to Rhode Island?" This happened in September 2022, when the Anonymous hacker group hacked Yandex's backend systems and sent all the taxis to one central location in Moscow, jamming the city and resulting in huge financial losses.

This is an example of how a fleet can impact public safety. To provide safety solutions, we need to look at different levels, says Sarid-Hausirer. The first level is the truck or the vehicle level, which is handled by the OEM and the fleet owner with regard to all the aftermarket telematics systems in the vehicle. Second, all the applications and systems utilised in vehicles must be protected as well, which is the responsibility of the fleet.

"We have to look at all levels and layers of operations, and the responsibility shifts between the different stakeholders."

The main photo shows Upstream Security's Vehicle Security Operations Center (vSOC), courtesy of Upstream Security. 

Authored by: Mufit Yilmaz Gokmen