We all have to get around somehow. Be it planes, trains, cars, or boats. The more systems that function online, the more that are susceptible to hacking. This week in class we discussed security operations and administration. Which covers how companies handle their employees and data. While looking around for cyber security news I saw some articles about planes and trains. So I decided to look more into what is happening to our transportation in our cloud-based world.
The first article I read talked about a 20 year old vulnerability was just reported that if taken advantage of can lead to derailing trains in Ohio. About two years ago there was the derailment of an Ohio train that spilled hazardous materials all over the city of East Palestine. That error was due to a failed wheel bearing, not hacking. But only with that derailment, we can get an idea of what a train derailment could mean. In the USA, we get a good amount of our products from delivery by train. If hackers knew what train they wanted to tip and where, they could cause another disaster. Unfortunately, the railroad's security team says it will take them until 2027 to fix the vulnerability. CISA’s acting executive assistant director for cybersecurity says the vulnerability would be too difficult to exploit which is why nothing was down with the knowledge of it for 20 years. Whether or not it was going to be exploited can be debated, but it concerns me as a passenger to know companies know their weaknesses but don't do anything about them.
Another article I read was about airlines. Less so how airplanes have been seeming to fall out of the sky lately, but more focused on the data airlines have. Airlines deal with millions of people every day, which means they have millions of people's data circulating on their servers. That is binary gold to hackers who need that data to then commit identity fraud. Some of the latest attacks were on Hawaiian Airlines and Quantas in just one week of each other. There's not much a passenger can do once their data is collected after flying with an airline. To protect yourself, make sure passwords are strong and not easy to guess. Also try to set up multiple factor authentication. However, once a company is breached, there's little you can do.
The last article I have added is a bit more of a technical read about Ransomware-as-a-Service (RaaS). It shows how hackers are evolving with the times and using AI to hack better.
While these two articles serve more as a cautionary tale than a call to action, it's still worth noting that the more companies using cloud services and depending on the Internet as their structure for communication, the more vulnerable everyone is. Companies need to be held accountable for ignoring vulnerabilities until it's too late.
Articles Read
- Major railroad-signaling vulnerability could lead to train disruptions
- Cybersecurity experts warn of increasingly 'treacherous' landscape as major brands fall victim to attacks
- Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools