- The Washington Times - Thursday, June 3, 2021

The Metropolitan Transportation Authority in New York confirmed it recently faced a cyberattack as the Steamship Authority in Massachusetts attempts to come back from one as well.

The incidents became public Wednesday, adding to a growing list of high-profile hacking victims alongside the likes of the Colonial Pipeline and meat producer JBS USA.

Neither of the two newly disclosed attacks crippled either target, but they could have caused serious damage had the hackers managed to steal data or shut down critical systems.

The MTA, which operates public transportation in and around New York City, acknowledged the attack occurred shortly after a report in the New York Times said that it had been hacked in April.

MTA officials described the incident as an “attack” but stressed it had no impact. Officials said MTA learned in late April that three of its systems had been affected by a freshly discovered cybersecurity vulnerability and that it patched them immediately.

“The MTA quickly and aggressively responded to this attack, bringing on Mandiant, a leading cybersecurity firm, whose forensic audit found no evidence operational systems were impacted, no employee or customer information breached, no data loss and no changes to our vital systems,” said Rafail Portnoy, MTA chief technology officer.

“Importantly, the MTA’s existing multi-layered security systems worked as designed, preventing spread of the attack and we continue to strengthen these comprehensive systems and remain vigilant as cyber-attacks are a growing global threat,” he said in a statement.

MTA officials said it learned in late April that three of its 18 computer systems had been affected by a newly disclosed vulnerability and that it patched them as soon as possible.

Mandiant declined to comment when reached by The Washington Times.

The Steamship Authority, which operates ferry services between mainland Massachusetts and Martha’s Vineyard and Nantucket, said Thursday that it was still reeling from a more recent attack.

For the second day in a row, the Steamship Authority said a cyberattack had affected its ticketing system, effectively making customers unable to book or change reservations online or by phone.

The Steamship Authority said ferry trips would continue as scheduled, but it advised passengers to bring cash as a result of the attack limiting access to its credit card systems.

News of both hacks emerged as JBS USA, one of the largest producers of meat, was recovering from an attack that disrupted operations at several plants in the U.S. and abroad.

Last month, the Colonial Pipeline Co., one of the nation’s largest suppliers of fossil fuels, briefly suspended operations as a result of a cyberattack.

The Steamship Authority and Colonial have each said they were attacked using ransomware, a type of malicious software designed to make a system unusable until the victim pays a ransom.

White House spokespeople have said JBS USA was attacked with ransomware. The company has not confirmed what type of malware was used. It said it plans to resume production at all its facilities Thursday.

“All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” the White House said in a memo this week. “But there are immediate steps you can take to protect yourself, as well as your customers and the broader economy. Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat.”

The Justice Department said Thursday it will elevate ransomware attack investigations to the same priority as terrorism, meaning that every new report of an attack or new development in an ongoing investigation must be declared “urgent.”.

Jeff Mordock contributed to this report.

• Andrew Blake can be reached at ablake@washingtontimes.com.

Copyright © 2024 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.