A leading port in the United States has successfully fended off an attempted cyber-attack, which authorities believe was sponsored by a foreign power.
Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly revealed to a Senate committee on September 23 that malicious hackers had targeted the Port of Houston in August.
The 25-mile-long port complex is one of the largest on the US Gulf Coast and handles around 247 million tons of cargo per year, according to the port’s website.
Easterly divulged to the Senate Homeland Security and Governmental Affairs Committee that while attribution of cyber-attacks “can always be complicated,” she was of the opinion that a “nation-state actor” was to blame in this case.
“At this point in time, I would have to get back with my colleagues, but I do think it is a nation-state actor,” said Easterly. However, the cyber leader did not go so far as to name which one she believed to be responsible.
The Port of Houston put out a brief statement on Thursday announcing that a digital assault against its systems had come to naught.
“The Port of Houston Authority (Port Houston) successfully defended itself against a cybersecurity attack in August. Port Houston followed its Facilities Security Plan in doing so, as guided under the Maritime Transportation Security Act (MTSA), and no operational data or systems were impacted as a result,” read the statement.
Hackers exploited a previously unknown vulnerability in password management software to break into one of the port’s web servers at 2:38pm UTC on August 19, according to Coast Guard analysis of the incident, obtained by CNN.
The threat actor installed malicious code to expand their access to the system and then exfiltrated all the log-in credentials for a piece of Microsoft password management software used to control network access.
“If the compromise had not been detected, the attacker would have had unrestricted remote access to the [IT] network,” the unclassified report by US Coast Guard Cyber Command reportedly reads.
“With this unrestricted access, the attacker would have had numerous options to deliver further effects that could impact port operations.”