As reported by the San Diego Tribune, the Port of San Diego has experienced a complex and major cybersecurity incident. There are parallels being drawn to the attack I reported on that shut down major parts of the city of Atlanta earlier this year, namely how this attack is shutting down key services. The services in question include “the public agency’s ability to process park permits and records requests, and perform other business services.” As a byproduct of the port hack, the San Diego Harbor Police Department has been forced to switch to “alternative technology systems.”
The heads of the Port of San Diego have taken swift action by bringing in the relevant authorities (local and federal) and thoroughly investigating the actual incident. Little information has been released about how the attack occurred or what malicious software was used. If I were to speculate with an educated guess based on the Atlanta attack and how often ports are targeted by ransomware, the encrypting malware is most likely the culprit. With a total shutdown of core systems, there seems to be an indication that the files or even hard drives found in the Port of San Diego’s network were taken over by ransomware.
The fact that the Port of San Diego is being silent on the source of the breach also pushes me in the direction of ransomware being the culprit. Ransomware infections occur because of social engineering via email or other sources, and all it takes is one foolish employee to make a foolish mistake. This is a PR nightmare for the Port of San Diego, as the cost of fixing the damage of this attack will likely be high, namely in monetary terms.
With ports being such a target for cybercriminals and cyberterrorists, the upper management in charge of ports would do well to improve both their cybersecurity defenses and their employees' knowledge of proper cybersecurity procedures.