The Big Hit
The USCG reported this incident in a Marine Safety Information Bulletin (MSIB). The bulletin does not name the facility that was attacked, but the USCG hints that the cargo transfer industrial control systems took the hit, with the ransomware encrypting files critical to the port's process operations. The attack led the facility to shut down its network for around 30 hours. The incident is still under investigation, and the USCG assumes the cause was a click on a phishing email that let the attacker into the MTSA facility's network. The bulletin read, After all, the Coast Guard now recommends that facilities use the Cybersecurity Framework of the National Institute of Standards and Technology (NIST) to prevent further such hacks.
Measures For Securing
The USCG previously issued an alert in July this year, after being hit by a similar cyberattack against their deep draft vessel in February. The Coast Guard now warns maritime stakeholders to check the authenticity of the sender before opening or replying to any email. The measures it details are:
- Intrusion Detection and Intrusion Prevention Systems to monitor real-time network traffic
- Industry-standard and up-to-date virus detection software
- Centralized and monitored host and server logging
- Network segmentation to prevent IT systems from accessing the Operational Technology (OT) environment
- Up-to-date IT/OT network diagrams
- Consistent backups of all critical files and software
While these are the latest measures, the UK's NCSC published guidelines in June this year on the effects of Ryuk ransomware and the defence measures against it. After that, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) also issued its own guidelines for preventing such ransomware attacks.