domingo, 19 mayo 2024
Visitas totales a la web: 89656562

El portal de los profesionales de seguridad y emergencias

Nº 1 del mundo en español en seguridad global

Soluciones de seguridad global

CISA Director: Attackers Targeted Port of Houston

Scott Ferguson

Jen Easterly Offered Details of Investigation That Led to Joint Security Alert.

During testimony before a U.S. Senate committee hearing Thursday, Cybersecurity and Infrastructure Security Agency Director Jen Easterly told lawmakers that a recent joint alert issued by her agency, the FBI and the Coast Guard Cyber Command stemmed from an attempted attack against the Port of Houston in August.

When answering questions from Ohio Republican Sen. Rob Portman, who is the ranking member of the Senate Homeland Security and Governmental Affairs Committee, Easterly testified that the joint alert from the three agencies issued on Sept. 16 stemmed from a cyber incident at the port.

That alert concerned a vulnerability in Zoho Corp.’s single sign-on and password management tool that a nation-state group appeared to be trying to exploit. The attackers appear to have wanted to target the operators of U.S. critical infrastructure as well as defensive contractors, transportation and logistics firms and academic institutions (see: US Warns Nation-State Groups May Exploit Flaw in Zoho Tool).

During her testimony Thursday, Easterly noted that the information was first relayed from the Port of Houston to the Coast Guard and finally to the FBI and CISA.

«We worked with the U.S. Coast Guard on a vulnerability at the Port of Houston and found out about this. We worked with our FBI partners and our Coast Guard partners to better understand that vulnerability, and we were then able to get that information out to see, whether, in fact, we saw the same vulnerability across the federal cyber ecosystem,» said Easterly who added that this type of threat information sharing was the first test of CISA’s Joint Cyber Defense Collaborative announced in August.

In a statement, the Port of Houston noted that the facility «successfully defended itself against a cybersecurity attack in August. Port Houston followed its Facilities Security Plan in doing so, as guided under the Maritime Transportation Security Act, and no operational data or systems were impacted as a result.»

The Port of Houston is one of the largest ports in the U.S. and includes 200 private and eight public terminals along a 25-mile complex near the Gulf of Mexico. Over the years, the port has contributed about $330 billion worth of economic activity to Texas alone, according to the port’s website.

Nation-State Actor?

Portman pressed Easterly about what she knew about the advanced persistent threat actor group attempting to exploit the Zoho vulnerability at the Port of Houston. She noted that CISA was working on attribution, but had not formally attributed the incident to a particular threat group or a nation-state.

«We are working very closely with our interagency partners and the intelligence community to better understand this threat actor so that we can ensure that we are not only able to protect systems, but ultimately to be able to hold these actors accountable,» Easterly said during the hearing, which mainly focused on improving cybersecurity within the nation’s critical infrastructure (see: Senators Debate Cyber Rules for US Critical Infrastructure).

The joint alert only notes that a nation-state group may try to exploit the vulnerability, but does not offer any additional details.

CISA Director Jen Easterly testifying before the Senate Homeland Security Committee on Thursday

While it appears that the attackers managed to gain an initial foothold into the Port of Houston’s network and did manage to steal login credentials, the incident was discovered and stopped before any of the facility’s operations were affected, according to CNN, which obtained an initial assessment report by the Coast Guard.

A spokesperson for CISA declined to comment on Easterly’s testimony and the U.S. Coast Guard could not be immediately reached for comment on Friday.

Facilities such as the Port of Houston are likely targets of these types of cyberthreats and have done a poor job over the years of increasing their security defenses to deal with attacks, says Mike Hamilton, the former vice chair for the Department of Homeland Security’s State, Local, Tribal, and Territorial Government Coordinating Council, who also served as the CISO of Seattle.

«Historically, the U.S. Coast Guard has required ports to submit a ‘facility security plan’ every two years. It is only recently that the FSP has had to include cybersecurity, in the form of a self-assessment against the National Institute of Standards and Technology cybersecurity framework,» says Hamilton, who is now the CISO of security firm Critical Insight.

Hamilton adds that incidents such as the attempted attack against the Port of Houston are likely to make the Coast Guard rethink its cybersecurity assessments of these facilities. «The Coast Guard is going to become much more regulatory, potentially with audits by third parties replacing self-assessments – which are always aspirational,» he says.

In January, the Trump administration released a National Maritime Cybersecurity Plan designed to help improve security by eliminating conflicting standards and identifying cyber risks, especially as these transportation operators rely more on IT systems as part of their infrastructure (see: Maritime Cybersecurity Plan Unveiled).


The Sept. 16 joint alert concerned a vulnerability, tracked as CVE-2021-40539, which is found in Zoho’s ManageEngine ADSelfService Plus – a self-service password management and single sign-on tool. The flaw has a CVSS score of 9.8 out of 10, making the vulnerability «critical.»

On Sept. 6, Zoho released ADSelfService Plus build 6114, which contains a fix for CVE-2021-40539, and the joint alert from CISA, the FBI and the Coast Guard urges user of the company’s tool to apply the patch as soon as possible.

If successfully exploited, an attacker can use the vulnerability to plant malicious web shells within a network and then compromise credentials, move laterally through the network and exfiltrate data, including from registry hives and Active Directory files, the alert notes.

Fecha de publicaciónseptiembre 24, 2021

BELT.ES no se hace responsable de las opiniones de los artículos reproducidos en nuestra Revista de Prensa, ni hace necesariamente suyas las opiniones y criterios expresados. La difusión de la información reproducida se realiza sin fines comerciales. 

Listado de Expertos


Profesión militar: Obediencia debida frente a la obligación de disentir

Con ocasión de la realización de estudios en el Instituto Universitario Gutiérrez Mellado tuve la ocasión de leer y analizar una serie de documentos de opinión que trataban en profundidad las diferentes facetas presentes en el campo de las relaciones cívico-militares; temas que , habitualmente, no han estado presentes en los diferentes cursos y actividades formativas en la enseñanza militar, ni, por supuesto, en la civil.

El amor de Macarena Olona por la Guardia Civil empieza por su pareja, un joven oficial condecorado

El padre de su hijo llegó a la Benemérita como militar de carrera y, los que le...

Responsable Servicio de Prevención Propio

Fundación SUMMA HUMANITATE Madrid (España)

Últimas noticias


Con este primer artículo, queremos iniciar una serie sobre la seguridad de los Juegos Olímpicos y Paralímpicos de “Paris 2024”. En dicha serie, vamos a analizar la naturaleza del evento, para entender su dimensión y la complejidad de dotarle de unas condiciones adecuadas para las tres situaciones que pueden darse en un evento.

La empresa privada que investiga el incendio de Valencia avisa sobre los peligros de las fachadas ventiladas

Se trata de Synthesis, la misma que indagó sobre el colapso de la Torre Windsor de Madrid, en 2005, o el fuego...

Lecciones del incendio de Valencia

El reciente incendio del edificio de Valencia ha hecho que se ponga el foco de atención en este tipo de riesgos, y en las medidas preventivas y reactivas para la protección frente a ellos.

El país más bello y triste jamás inventado

David Jiménez retrata el mundo de los reporteros en la novela 'El Corresponsal', inspirada en hechos reales y ambientada en el totalitarismo...

¿Sabes cuáles son las diferencias entre la Guardia Civil de la Policía Nacional?

Ambos cuerpos se dedican -en esencia- a velar por la protección de los ciudadanos. Sin embargo, cada uno de ellos tiene unas...