Fleets Shift Focus to Secure Against Operational Disruptions Following Cyber Attack

YANIV MAIMON

VP Cyber Services

September 26, 2023

Fleet management solutions are indispensable in fleet operations, offering essential insights into vehicle inventory and status, helping to monitor driver behavior and safety, and more. As these systems evolve with increased connectivity, they also become more exposed to potential cyber threats. APIs, which are integral to modern fleet operation services, should also be considered among the cybersecurity threats facing fleet management solutions.

Ransomware attack on leading fleet management service disrupts fleet operations in the US, forcing truck drivers to manually log hours

A recent incident underscores the potential impact of cyber-caused operational disruptions in freight fleets. A ransomware attack led to service outages for a notable trucking and fleet management solutions provider. Several freight operators that were using the service reported losing visibility into the state of their fleet and inventory.
This attack rendered the company’s electronic logging devices inoperable, prompting truckers throughout the US to revert to traditional paper logs. Since regulations allow truckers to use paper logs for only eight days within a 30-day period, there was genuine concern about their ability to continue operations. To address this, the US Federal Motor Carrier Safety Administration issued a temporary waiver, permitting the use of paper logs until the digital service is reinstated.

In response, the affected company engaged external cybersecurity experts to investigate the incident. They are actively working on restoring services and have reached out to all impacted clients, ensuring they receive regular updates until the service is back to its full capacity.

When fleet management services face disruptions from cyberattacks, the challenges are numerous. Such interruptions can ripple throughout the mobility ecosystem, leading to operational setbacks, delays, and potential revenue losses. But the impact of these disruptions is not limited just to the mobility ecosystem, they can have far-reaching implications on everyone who relies on the products being transported by commercial fleets, causing delays in the delivery of goods and potentially product shortages.

ENISA warns transport sector of growing ransomware threat

Recently, the European Union Agency for Cybersecurity (ENISA) identified ransomware as a primary cyber threat to the transport sector. The agency highlighted the growing risk to operational technology (OT) systems in the transport sector, especially as digital transformation efforts bridge the gap between traditionally separate IT and OT systems. ENISA’s observations suggest that the transport sector’s need to quickly resolve ransomware situations to prevent significant business and societal impacts might inadvertently encourage more attacks.

To navigate these challenges, ENISA underscores the importance of robust cybersecurity measures for the transport sector.

Implementing a purpose-built detection and response platform (XDR) can help fleets and fleet management solutions secure their assets and applications against cybersecurity threats

The Upstream Platform serves many of the largest OEMs and fleets worldwide, securing millions of connected vehicles and billions of API transactions. Upstream’s recently launched API Security solution is uniquely designed to correlate between API traffic and the contextual impact they have on operational systems and assets. This is a critical element in securing mobility and transportation services that manage vehicles on the road.

The solution layers API discovery and monitoring with best-of-breed detection and response to protect applications and services against direct and third-party vulnerabilities, attacks, misconfigurations, and design flaws.

The Upstream Platform is agentless and does not require the installation of software or hardware. This enables customers to benefit from rapid deployment, providing quick time-to-security with onboarding of various mobility assets and applications with no downtime or servicing needed.

Discover how you can mitigate operational disruptions and secure operational APIs from cybersecurity attacks and vulnerabilities with a demo of the Upstream Platform.

 

 

Newsletter Icon

Upstream’s 2024 Global Automotive Cybersecurity Report

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Mike Lexa Joins Upstream Security Advisory Board to Accelerate Cybersecurity Resilience in the Automotive & Mobility IoT Sector

The mobility ecosystem is experiencing a profound digital transformation. The increasing reliance on mobility services and Internet of Things (IoT) devices is not just reshaping…

Read more

7 Key Financial Implications of Automotive Cybersecurity Risks

In June 2023, a leading Taiwan-based semiconductor manufacturer disclosed a cybersecurity incident involving a ransomware group and one of its IT hardware suppliers, which led…

Read more

Newly Discovered IoT Vulnerabilities in ELDs Raise Risk for Fleet-Wide Attacks

In late March 2024, The Register published a unique coverage, describing multiple new vulnerabilities and elaborating on the cyber risks in ELDs (electronic logging devices)…

Read more

Navigating the Evolving Automotive Cybersecurity Regulatory Landscape

The automotive industry’s digital transformation has ushered in an era of unprecedented connectivity and technological advancement. Yet, it is also exposing mobility assets to a…

Read more