Big bucks in pillaging parking
The transport sector is a booming lucrative playground for cyber criminals that is increasingly fragmented, IBM researchers say.
The findings in a report Security trends in the transportation industry reveal that airlines, trucking, and parking sector companies are being hosed for credit cards and sensitive information.
Big Blue cites multiple menus for the budding transport hacker including raiding frequent flier and rewards schemes, citing breaches of British Airways and United Airlines.
But IBM advises says hackers can make a killing popping taxi and hire car companies and parking outfits, among others.
“Attackers seeking a treasure trove of sensitive information, credit card data included, need look no further than private transit companies such as taxi and limousine services,” the researchers say.
“In the transportation industry, an interesting emergent trend is a focus on lucrative niche targets, for instance parking management companies.
“We have seen several incidents in this area during the past couple of years, a number of them involving offsite airport parking companies.”
They reference the 2013 plundering of CorporateCarOnline and the 2014 gaffe in which New York City officials revealed the movements of taxi drivers over some 173 million trips.
Three parking companies have been breach recently including book2park.com, Park n Fly, and OneStopParking.com where credit cards were stolen and sold.
IBM continues with hackers ripping passenger data including the plundering of a Chinese national train reservation system and customer data including manifests from United Airlines.
Transport sector organisations are most likely to be attacked with denial of service attacks and malicious attachments which combined made up 44 percent of attacks on the sector in the 12 months to May.
The report also calls out future possible security issues with the pending US national NextGen aviation navigation system including the Automatic Dependent Surveillance Broadcast and Aircraft Interface Devices communications platforms.
These efficiency and cost boons could open doors to new threats, researchers say. “Globally, the aviation industry is moving towards IP-based systems that will introduce new security challenges and reduce barriers against cyber attack tools and techniques already in use on the public internet,” they say. “A comprehensive approach to address cyber security is required.”
The global transportation sector is huge.
As of January last year there were more than 50,000 merchant ships and some 70,000 daily flights in the US alone.
IBM security bod Michelle Alvarez says on the back of the report that the privatisation of the transportation sector is increasing the strain since it fragments the maintenance of security into individual companies.
“Each individual owner or operator is responsible for identifying critical cyber infrastructure and applying remediation,” Alvarez says. ®