PYMNTS-MonitorEdge-May-2024

Seattle Port Still on ‘High Alert’ Following ‘Fast-Moving’ Cyberattack 

The Port of Seattle has provided new details about a ransomware cyberattack last month. 

The “fast-moving” incident on August 24 was carried out by a criminal organization known as Rhysida, the port, which also operates Seattle-Tacoma Airport, said in a news release Friday (Sept. 13).

“Our investigation has determined that the unauthorized actor was able to gain access to certain parts of our computer systems and was able to encrypt access to some data,” the release said.

“We took steps to block further activities including disconnecting our systems from the internet, but unfortunately, the encryption and our response actions hindered some port services including baggage, check-in kiosks, ticketing, Wi-Fi, passenger display boards, the Port of Seattle website, the flySEA app, and reserved parking.”

The port was able to restore most of those systems within a week, though some work is ongoing. The Port of Seattle also refused to pay the cyberattack ransom, which means the hackers could respond by posting stolen data on the darkweb.

“Assessment of the data taken is complex and takes time, but we are committed to these efforts and notifying potentially impacted stakeholders as appropriate,” the release said. “In particular, if we identify that the actor obtained employee or passenger personal information, we will carry out our responsibilities to inform them.”

The organization says it has been boosting security through measures like strengthening its identity management and authentication protocols and enhancing its monitoring. The port says it is still on “heightened alert” but adds that it is safe to travel from the airport and use the city’s maritime facilities.

Incidents such as these underscore the fact that traditional cybersecurity solutions, while still critical, “are no longer sufficient to safeguard against sophisticated attacks,” PYMNTS wrote last month when news of the port attack first emerged.

To safeguard critical assets and uphold operational integrity, organizations must combine established best practices with innovative, emerging security measures.

In interviews for PYMNTS’ “What’s Next in Payments” series, executives hammered home the same point: General best practices should be mixed with emerging security solutions, and that being proactive is the first step in protecting the perimeter.

“A multilayered security strategy, also known as defense in depth, is essential for mitigating risks at various levels,” PYMNTS wrote. 

“This approach involves implementing multiple defensive measures across the enterprise network, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, and network segmentation. By creating multiple barriers, organizations can prevent or contain breaches before they cause significant damage.”

 

PYMNTS-MonitorEdge-May-2024