In what is certain to be a recurring theme that has already been thrust into prominence with recent ransomware hacks of the Colonial Pipeline and JBS, the world’s largest meat producer, cybercriminals struck yet another target on Wednesday: the US state of Massachusetts ferry system. Additionally, the MTA admitted this week that it was the target of an April attack.
Service between several upscale northeastern coastal communities was disrupted as a result of the ferry system attack, according to AFP. The attack was reported by The Steamship Authority of Massachusetts, which offers ferry service between Cape Cod, Nantucket and Martha’s Vineyard.
The Authority tweeted out: “There is no impact to the safety of vessel operations, as the issue does not affect radar or GPS functionality.”‘
However, the hack did hit the Authority where it could arguably hurt worse: its payment system. The ferry was temporary limited to cash (gasp) after it lost its ability to process credit cards. On Facebook, the Authority wrote that it was “…unable to release or confirm specific details of what occurred,” but that it was working with local, state, and federal officials to figure out the incident.
In keeping with the theme of mass transit, the Metropolitan Transportation Authority (MTA) revealed on Wednesday that it was also hacked on April 20.
The group believed to be responsible for the MTA hack is said to have links to the Chinese government, the NY Times reported Wednesday. A follow up audit after the attack revealed “no signs that the operating systems had been affected, or that the hackers accessed information of clients or employees”.
“The hackers did not gain access to systems that control train cars and rider safety was not at risk,” transit officials said, according to the NY Times. However, there was residual concern that these systems could be breached through a back door, according to MTA documents.
“The attack on the M.T.A. did not involve financial demands and instead appears to be part of a recent series of widespread intrusions by sophisticated hackers believed to be backed by the Chinese government,” the Times wrote. The MTA was one target out of a group of “dozens” of federal agencies, the report notes.
Rafail Portnoy, the M.T.A.’s chief technology officer, said: “The M.T.A.’s existing multilayered security systems worked as designed, preventing spread of the attack. We continue to strengthen these comprehensive systems and remain vigilant as cyberattacks are a growing global threat.”
But the growing theme not only of targeting mass transit – but also of ransomware attacks in general – are both worth keeping a close eye on, as these feel like anything but isolated incidents.
Recall, we reported earlier this week that the FBI had confirmed Russian-linked “REvil and Sodinokibi” groups were behind the ransomware attack on JBS meat processing facilities this week. The cyberattack forced the shutdown of all JBS’ US beef plants, which account for almost a quarter of American supplies.
“On Sunday, 30 May, JBS USA determined that it was the target of an organized cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems”, JBS said at the time.
This followed suit from last month, when hackers made away with $5 million in ransom after attacking the Colonial Pipeline.
The attack on Colonial was called “potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” by Ohio Senator Rob Portman.
Once the ransom was paid, the hackers provided Colonial with a decrypting tool to restore its computer system, but “the tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said.”
The FBI accused hack group DarkSide of the ransomware attack. Besides Colonial, the hackers launched attacks on 24 other companies in various industries.