Major US Port Targeted in August Cyberattack: CISA Officials

Major US Port Targeted in August Cyberattack: CISA Officials
A man types on a computer keyboard in Warsaw on Feb. 28, 2013. Kacper Pempel/Reuters
Katabella Roberts
Updated:

A major U.S. port was targeted in an attempted cyberattack last month, the Port said in a statement on Sept. 23.

The Port of Houston, which is the nation’s largest port for waterborne tonnage and a critical economic engine for the Houston region, the state of Texas, and the nation, was able to successfully defend itself against the attack and no operational data or systems were impacted.

“The Port of Houston Authority (Port Houston) successfully defended itself against a cybersecurity attack in August,” the statement reads. “Port Houston followed its Facilities Security Plan in doing so, as guided under the Maritime Transportation Security Act (MTSA), and no operational data or systems were impacted as a result.”

Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly first told a Senate panel about the attack Thursday morning, during a hearing on Cybersecurity and protecting critical infrastructure.

Easterly said she believes that a “nation-state actor” was behind the attack.

“We are working very closely with our interagency partners and the intelligence community to better understand this threat actor so that we can ensure that we are not only able to protect systems, but ultimately to be able to hold these actors accountable,” Easterly said.

The hack involved the password management program called ManageEngine ADSelfService Plus, The Associated Press reports. CISA, the FBI, and the U.S. Coast Guard last week issued an alert warning that a newly identified vulnerability in the software poses a “serious risk.”

“The exploitation of ManageEngine ADSelfService Plus poses a serious risk to critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities that use the software,” the joint advisory warned.

“Successful exploitation of the vulnerability allows an attacker to place webshells, which enable the adversary to conduct post-exploitation activities, such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files.”

The latest attack comes as defending the United States has become a key priority for President Joe Biden’s administration amid a wave of increasingly sophisticated cyberattacks on companies such as NEW Cooperative, which on Monday said its systems were offline to contain a cybersecurity incident, just as the U.S. farm belt gears up for harvest.
In August, the White House announced that a number of the country’s leading technology companies have pledged to invest billions of dollars to bolster cybersecurity by training tens of thousands of people in cybersecurity skills, enhancing open-source software security, and providing technical services to help local governments boost security protections.
Amazon, Apple, Google, and IBM are among some of the companies to have made cybersecurity development and investment pledges, according to the White House.
Tom Ozimek and The Associated Press contributed to this report.
Related Topics