After a zero-day exploit against the maritime transportation sector, DHS’s National Cybersecurity and Communications Integration Center notified potentially affected U.S. ports about the threat. They described the apparent vulnerability and provided preliminary mitigation measures.
By Andy Ozment
This past August, the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) received notice that a remote attacker had used a zero-day exploit against the maritime transportation sector. The attacker exploited an SQL injection vulnerability in a web-based application that provides real-time access to operational logistics information and is used by multiple U.S. ports, resulting in a loss of valuable data.
Once notified of this cyber attack, the NCCIC’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) notified potentially affected U.S. ports about the threat through an alert that detailed the specific vulnerability and provided preliminary mitigation measures. ICS-CERT also contacted the vendor of the application that had been exploited to learn additional details about the vulnerability and the status of an available patch. ICS-CERT successfully notified all U.S. ports that used the software and confirmed that they acquired and installed the necessary patch. ICS-CERT also shared the alert with relevant international partners and encouraged them to install the patch. Thanks to these efforts, the maritime transportation sector is more secure, resilient, and better prepared to respond to the next cyber attack.