Incident Of The Week: Gov. Transit Agency Attacked By N. Korean Malware



Dan Gunderman
01/26/2018

In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent.

Combing through data, market research and the threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we track the latest industry news and make it more navigable for the IT professional, helping enterprises batten down their proverbial hatches.

In this edition of “Incident of the Week,” we examine a security event that affected a state-run Canadian transit system this month.

Metrolinx, an agency of the government of Ontario whose rails and buses connect suburban Toronto, revealed this week that malware had been planted on its computer system. A spokeswoman also confirmed to Cyber Security Hub that the strain was detected by its InfoSec hacking team, alongside provincial penetration experts.

The Ontario government also appears confident that the perpetrators were North Korean black hats who routed the attack through servers in Russia.

Anne Marie Aikins, Metrolinx’s senior manager of media, told Cyber Security Hub that “at no time was staff or customer privacy (including any personal or financial data) ever breached or the safety of our trains and buses compromised.”

Aikins continued, saying, “Safety is always our first priority in everything we do. Due to security we cannot discuss any further details of this attack.”

On mitigating the threat, however, Aikins said, “We took immediate action to protect our customers and our services. We invest in strong protections, conduct daily testing and monitoring and we are constantly upgrading our protections to ensure our customers’ information and their safety is never compromised.”

Aikins emphasized that Metrolinx is continuing to monitor the recent attack.


This week, the government released additional information about the attack as well – providing background on its continual threat monitoring efforts.

The information provided to the Cyber Security Hub suggests that “every day, the Ontario government and its agencies defend against thousands of cyber-attacks. Recently, Metrolinx…was attacked by North Korea. This cyber-attack was routed through servers in Russia.”

It cautioned against releasing additional details on the attack, due to “sensitivities around cyber security.”

“We are committed to diligently safeguarding the data entrusted to us by Ontario’s residents and businesses,” the statement reads. “A comprehensive Ontario Public Service (OPS)-wide approach to cyber security – including people, processes and technology – is in place to protect public information and the OPS network, information technology assets and systems against intrusion, malicious use and cyber threats.”


The statement outlines the government’s regular assessments and adjustments in the cyber security space. It said it frequently collaborates with federal government security, intelligence partners and trusted industry partners.

An ethical hacking team is responsible for monitoring the applications and systems and assessing their ability to withstand attack.

Still, no enterprise is impenetrable. “Given the ever-evolving threat landscape, even well-designed systems may become susceptible to new vulnerabilities that can emerge over time,” the statement continues.

It also points to early identification and remediation of potential weaknesses as some of the best ways to ensure an optimal security posture.