In a seeming continuously growing list of attacks on critical infrastructure, two major passenger transportation entities reported yesterday they had fallen victim. The Steamship Authority, the largest ferry service to the Massachusetts Islands of Martha’s Vineyard and Nantucket from Cape Cod, reported that ransomware disrupted its services causing delays and taking the web-based and phone-based reservation systems offline. According to a tweet by The Steamship Authority, there was no impact to the safety of vessel operations, as the issue did not affect radar or GPS functionality.
Additionally, New York’s Metropolitan Transportation Authority (MTA) came forward Wednesday, revealing it had experienced an attack in April. According to reports, CISA and the FBI notified the MTA of the breach in late April. The MTA attack appears to have exploited vulnerabilities to access three of eighteen computer systems – the vulnerabilities were reportedly “patched up” the next day. The MTA states the compromise had no impact on riders, employees, or contractors and did not disrupt operations. For more on both incidents, along with a summary of other recent critical infrastructure incidents, visit the Wall Street Journal. SecurityWeek also has coverage on The Steamship Authority.