Port Of Houston Cyber Attack – Experts Weigh In


Expert(s): ISBuzz Staff | Informationsecuritybuzz.com »

BACKGROUND:

In a report issued Thursday, Port Houston disclosed that “The Port of Houston Authority (Port Houston) successfully defended itself against a cybersecurity attack in August. Port Houston followed its Facilities Security Plan in doing so, as guided under the Maritime Transportation Security Act (MTSA), and no operational data or systems were impacted as a result.”

The report follows a joint advisory (AA21-259A) issued last week by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and U.S. Coast Guard Cyber Command (CGCYBER), warning that APT actors are exploiting a newly identified vulnerability (CVE-2021-40539) in ManageEngine ADSelfService Plus, a self-service password management and single sign-on product. The flaw is an authentication bypass in the product's REST API that can lead to remote code execution.

CISA Director Jen Easterly disclosed Thursday, during a Senate Homeland Security and Governmental Affairs Committee hearing, that the Port of Houston was targeted through this vulnerability. Experts with Gurucul, SecurityGate, Axio, Glasswall, Shared Assessments, HackerOne and Haystack Solutions offer their thoughts.

EXPERTS' COMMENTS
| September 27, 2021

Saryu Nayyar, CEO, Gurucul

There are rarely publicized success stories in cybersecurity; usually we hear about damaging breaches. So this story that The Port of Houston has successfully fended off an attack is encouraging to hear. The attackers attempted to make use of a new vulnerability in ManageEngine ADSelfService Plus, a password management service, to enter the network.

Infrastructure such as port operations is fertile ground for ransomware-style attacks, due to both its critical nature and often its relatively poor security practices. Ports, utilities, airports, and other types of infrastructure should have comprehensive security systems coupled with active monitoring of endpoints, IoT devices, servers, networks, and individual systems so that early detection and remediation become the norm, rather than the exception.

 

| September 27, 2021

Cherise Esparza, CPO, CTO & Co-Founder, SecurityGate

This is a good news story demonstrating when organizations are prepared, adhere to guidelines, and have security controls in place with the proper processes, attacks can be thwarted!

 

| September 27, 2021

David White, Founder and President, Axio

As we’ve learned in recent months with Colonial Pipeline and the Pinellas County water treatment facility, critical infrastructure is extremely susceptible to ransomware attacks. And with the increased interest in logistics, it’s not surprising that attackers are targeting seaports. Although the Port of Houston was using strong passwords through ManageEngine’s password vault, the hackers were still able to exploit a flaw, further validating that attackers continue to out-sophisticate security best practice solutions. If an attacker can decrypt the keys to get into the vault, then they can easily take command and control of systems.

Defensive security practices (including password vaulting) will again be a new focus point for exploitation by attackers. In May, the Biden Administration’s cybersecurity EO emphasized infrastructure protections, and the administration is evaluating several different proposals around what software companies are obligated to disclose about their software vulnerabilities. Digital transformation, the increasing shift to cloud (especially post-COVID), is an exciting time for businesses, but the underlying cyber risk doesn’t go away just by using a SaaS provider. Take extra care in evaluating new service offerings and look towards a risk management framework in identifying, classifying and mitigating these new risks to your organization.

 

| September 27, 2021

Danny Lopez, CEO, Glasswall

While it’s positive the Port of Houston cyberattack did not disrupt operations, the fact that foreign adversaries were able to obtain legitimate credentials for the systems belonging to one of the largest ports on the U.S. Gulf Coast is concerning. More details on how the intrusion happened will likely be revealed in the coming days, but for now, it’s worth underlining how to minimize the risk and impacts of credential theft.

Critical infrastructure organisations need to adopt robust processes for onboarding and offboarding employees and affiliates that may receive access to key information systems. It’s vital to control privileged access and to monitor those that enjoy that administrator privilege. Ensuring that multi-factor authentication is enforced wherever possible, is a vital defence where user credentials find their way into the hands of adversaries. This will help to limit the blast radius, and in most cases, defeat the data breach.

Even if all procedures and policies are well-executed, then there’s no escaping the fact that adversaries are constantly looking to probe vulnerabilities and to insert malware into the environment to enable surveillance, often using everyday business documents which we all use. It’s vital that ports like this, and all organisations, invest in cyber protection services that stay ahead of attackers by eliminating the threats while still allowing employees to do their vital work and the business to function.

Attacks like these demonstrate that a traditional castle-and-moat approach to network security leaves organisations exposed. Zero trust security sees the world differently. No one is trusted by default, regardless of whether they are inside or outside a network. In a world where data can be held amongst multiple cloud providers, it is crucial to strengthen all processes relating to access verification. Without a zero-trust approach, organisations run the risk of attackers having free rein across a network once they are inside.

 

| September 27, 2021

Ron Bradley, VP, Shared Assessments

There’s a lot to unravel here, and it’s a fairly complex technical discussion. It’s ironic this notification originated from the Port of Houston, because it’s very much in line with what I advise in many instances, and that is to know your ports and protocols. What holds true in shipping ports also holds true in network ports which are synonymous in a certain sense. In shipping ports, the protocol is to understand which ships are coming into the port and what is contained within the shipment. The same holds true for networking ports and protocols. Companies must be diligent about continuously scanning open ports from the outside of their network and ensuring no unauthorized ports are accessible.

The primary mitigation to this particular attack would be to not allow the password reset application to be accessible from outside networks. If that’s not practical or possible, then additional layers must be implemented, such as multi-factor authentication, in addition to the appropriate intrusion detection and intrusion prevention mechanisms.
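
The intrusion-detection layer Ron Bradley mentions can be made concrete for this specific flaw. What follows is an added example, not part of the original article and not code from any of the vendors quoted: a small Python checker that hunts an HTTP access log for the request paths the joint advisory AA21-259A lists among its indicators of CVE-2021-40539 exploitation (the `/RestAPI/LogonCustomization` and `/RestAPI/Connection` endpoints and the `/help/admin-guide/Reports/ReportGenerate.jsp` path). The bypass relied on request paths that the product's authentication filter did not normalise before matching them, so the checker canonicalises each path the way the servlet container would and flags requests whose raw path differs from the canonical one. The log lines, client addresses and timestamps are constructed sample data, not from any real system.

```python
"""
Hunt an HTTP access log for the request paths that the joint advisory
AA21-259A lists as indicators of CVE-2021-40539 exploitation against
ManageEngine ADSelfService Plus.  Added example; the sample log lines
at the bottom are constructed, not captured from a real host.
"""
import posixpath
import re
from urllib.parse import unquote

# Request paths the advisory tells defenders to look for in the web log.
INDICATOR_PATHS = {
    "/RestAPI/LogonCustomization",
    "/RestAPI/Connection",
    "/help/admin-guide/Reports/ReportGenerate.jsp",
}

# Common/combined log format: client ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def canonical_path(target: str) -> str:
    """Strip the query, percent-decode and normalise the request target the
    way the servlet container does before routing, so /./RestAPI/X and
    /%2E/RestAPI/X both map to /RestAPI/X."""
    path = target.split("?", 1)[0]
    return posixpath.normpath(unquote(path))


def classify(line: str):
    """Return a hit record if the line requests an indicator path, else None.
    Lines that do not parse are skipped rather than raising."""
    m = LOG_RE.match(line)
    if not m:
        return None
    raw_path = m.group("target").split("?", 1)[0]
    path = canonical_path(raw_path)
    if path not in INDICATOR_PATHS:
        return None
    return {
        "client": m.group("client"),
        "timestamp": m.group("ts"),
        "method": m.group("method"),
        "raw_path": raw_path,
        "path": path,
        "status": int(m.group("status")),
        # The bypass used paths the application's auth filter did not
        # normalise before matching; a raw path that differs from its
        # canonical form is therefore the more suspicious shape.
        "filter_evasion": raw_path != path,
    }


def hunt(lines):
    """All indicator hits in the given log lines, in log order."""
    return [hit for hit in map(classify, lines) if hit is not None]


def summarize(hits):
    """Per-client roll-up: indicator requests seen, how many used a
    non-canonical path, and whether any was served with HTTP 200."""
    summary = {}
    for h in hits:
        s = summary.setdefault(
            h["client"], {"requests": 0, "evasions": 0, "served_200": False}
        )
        s["requests"] += 1
        s["evasions"] += int(h["filter_evasion"])
        s["served_200"] = s["served_200"] or h["status"] == 200
    return summary


# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.20 - - [09/Sep/2021:02:58:41 +0000] "GET /authorization.do HTTP/1.1" 200 3344',
    '203.0.113.7 - - [09/Sep/2021:03:14:07 +0000] "POST /./RestAPI/LogonCustomization HTTP/1.1" 200 512',
    '203.0.113.7 - - [09/Sep/2021:03:14:09 +0000] "POST /./RestAPI/Connection HTTP/1.1" 200 88',
    '203.0.113.7 - - [09/Sep/2021:03:14:11 +0000] "POST /%2E/RestAPI/Connection HTTP/1.1" 200 88',
    '203.0.113.7 - - [09/Sep/2021:03:14:15 +0000] "GET /help/admin-guide/Reports/ReportGenerate.jsp?id=1 HTTP/1.1" 200 91',
    '198.51.100.21 - - [09/Sep/2021:04:02:30 +0000] "POST /RestAPI/LogonCustomization HTTP/1.1" 401 0',
    'malformed line that the parser must skip',
]

if __name__ == "__main__":
    found = hunt(SAMPLE_LOG)
    for h in found:
        flag = "EVASION" if h["filter_evasion"] else "direct"
        print(f'{h["timestamp"]} {h["client"]} {h["method"]} {h["raw_path"]} '
              f'-> {h["path"]} [{h["status"]}] {flag}')
    for client, s in summarize(found).items():
        print(client, s)
```

Run as a script it prints the five hits from the constructed log and the per-client roll-up. Against a real ADSelfService Plus web server log the requests worth escalating first are the ones that were served (HTTP 200) with a non-canonical path; a direct request that the filter rejected is closer to what an unauthenticated scanner, or the product itself, is expected to produce, and the normalisation step is what keeps a naive substring match on `/RestAPI/` from missing the `/./` form.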

 

| September 27, 2021

Shlomie Liberow, Technical Program Manager, HackerOne

Speed is sometimes touted as the only real metric for cybersecurity and it certainly paid off in this instance. When safeguarding critical infrastructure, detection capability is paramount – when security teams spot unusual activity quickly on networks, they can unravel the operation of a potential threat actor. The average mean time for detecting a breach can be up to one year, so the Houston Port security isolating the computer network within hours is most certainly a win.

What’s more, the Port of Houston was transparent about the attack, indicating a wider culture shift away from one that prioritizes security through obscurity. Transparency and collaboration will support critical infrastructure to best prepare and protect against nation state actors.

This breach demonstrates the urgent need to speed up the maritime cybersecurity plan, which has set a goal of “closing maritime cybersecurity gaps and vulnerabilities over the next five years.” This goal can be greatly enhanced through collaboration with the ethical hacking community, who can provide continuous security testing, finding, and reporting vulnerabilities before an intruder can access and shut down critical systems.

 

| September 27, 2021

Doug Britton, CEO, Haystack Solutions

This successful defense is a stark reminder that organizations and agencies alike are under constant threat from bad actors, including nation-states. Also, remnants from SolarWinds still can pose a threat, even after all this time. It takes a strong cyber team to battle these kinds of threats. We need to make sure to continue our investment in cybersecurity. The profession needs to grow at a strong rate and remain robust as future battles like this will continue to be digital.
