Archivos diarios: agosto 22, 2014

A14-212A: Backoff Point-of-Sale Malware

[technical]

nccis, alert, backoff, “Backoff” malware

NCCIC / US-CERT

National Cyber Awareness System:

TA14-212A: Backoff Point-of-Sale Malware

07/31/2014 07:30 AM EDT

Original release date: July 31, 2014 | Last revised: August 22, 2014

Systems Affected

Point-of-Sale Systems

Overview

This advisory was prepared in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), United States Secret Service (USSS), Financial Sector Information Sharing and Analysis Center (FS-ISAC), and Trustwave Spiderlabs, a trusted partner under contract with the USSS. The purpose of this release is to provide relevant and actionable technical indicators for network defense against the PoS malware dubbed "Backoff" which has been discovered exploiting businesses’ administrator accounts remotely and exfiltrating consumer payment data.

Over the past year, the Secret Service has responded to network intrusions at numerous businesses throughout the United States that have been impacted by the “Backoff” malware. Seven PoS system providers/vendors have confirmed that they have had multiple clients affected. Reporting continues on additional compromised locations, involving private sector entities of all sizes, and the Secret Service currently estimates that over 1,000 U.S. businesses are affected.

Recent investigations revealed that malicious actors are using publicly available tools to locate businesses that use remote desktop applications. Remote desktop solutions like Microsoft’s Remote Desktop [1], Apple Remote Desktop [2], Chrome Remote Desktop [3], Splashtop 2 [4], Pulseway [5] and LogMeIn [6] offer the convenience and efficiency of connecting to a computer from a remote location. Once these applications are located, the suspects attempted to brute force the login feature of the remote desktop solution. After gaining access to what was often administrator or privileged access accounts, the suspects were then able to deploy the point-of-sale (PoS) malware and subsequently exfiltrate consumer payment data via an encrypted POST request.

Organizations that believe they have been impacted should contact their local Secret Service field office and may contact the NCCIC for additional information.

Description

“Backoff” is a family of PoS malware and has been discovered recently. The malware family has been witnessed on at least three separate forensic investigations. Researchers have identified three primary variants to the “Backoff” malware including 1.4, 1.55 (“backoff”, “goo”, “MAY”, “net”), and 1.56 (“LAST”).

These variations have been seen as far back as October 2013 and continue to operate as of July 2014. In total, the malware typically consists of the following four capabilities. An exception is the earliest witnessed variant (1.4) which does not include keylogging functionality. Additionally, 1.55 ‘net’ removed the explorer.exe injection component:

  • Scraping memory for track data
  • Logging keystrokes
  • Command & control (C2) communication
  • Injecting malicious stub into explorer.exe

The malicious stub that is injected into explorer.exe is responsible for persistence in the event the malicious executable crashes or is forcefully stopped. The malware is responsible for scraping memory from running processes on the victim machine and searching for track data. Keylogging functionality is also present in most recent variants of “Backoff”. Additionally, the malware has a C2 component that is responsible for uploading discovered data, updating the malware, downloading/executing further malware, and uninstalling the malware.

Variants

Based on compiled timestamps and versioning information witnessed in the C2 HTTP POST requests, “Backoff” variants were analyzed over a seven month period. The five variants witnessed in the “Backoff” malware family have notable modifications, to include:

1.55 “backoff”

  • Added Local.dat temporary storage for discovered track data
  • Added keylogging functionality
  • Added “gr” POST parameter to include variant name
  • Added ability to exfiltrate keylog data
  • Supports multiple exfiltration domains
  • Changed install path
  • Changed User-Agent

1.55 “goo”

  • Attempts to remove prior version of malware
  • Uses 8.8.8.8 as resolver

1.55 “MAY”

  • No significant updates other than changes to the URI and version name

1.55 “net”

  • Removed the explorer.exe injection component

1.56 “LAST”

  • Re-added the explorer.exe injection component
  • Support for multiple domain/URI/port configurations
  • Modified code responsible for creating exfiltration thread(s)
  • Added persistence techniques

Command & Control Communication

All C2 communication for “Backoff” takes place via HTTP POST requests. A number of POST parameters are included when this malware makes a request to the C&C server.

  • op : Static value of ‘1’
  • id : randomly generated 7 character string
  • ui : Victim username/hostname
  • wv : Version of Microsoft Windows
  • gr (Not seen in version 1.4) : Malware-specific identifier
  • bv : Malware version
  • data (optional) : Base64-encoded/RC4-encrypted data

The ‘id’ parameter is stored in the following location, to ensure it is consistent across requests:

  • HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\identifier

If this key doesn’t exist, the string will be generated and stored. Data is encrypted using RC4 prior to being encoded with Base64. The password for RC4 is generated from the ‘id’ parameter, a static string of ‘jhgtsd7fjmytkr’, and the ‘ui’ parameter. These values are concatenated together and then hashed using the MD5 algorithm to form the RC4 password. In the above example, the RC4 password would be ‘56E15A1B3CB7116CAB0268AC8A2CD943 (The MD5 hash of ‘vxeyHkSjhgtsd7fjmytkrJosh @ PC123456).

File Indicators:

The following is a list of the Indicators of Compromise (IOCs) that should be added to the network security to search to see if these indicators are on their network.

1.4

Packed MD5: 927AE15DBF549BD60EDCDEAFB49B829E

Unpacked MD5: 6A0E49C5E332DF3AF78823CA4A655AE8

Install Path: %APPDATA%\AdobeFlashPlayer\mswinsvc.exe

Mutexes:

uhYtntr56uisGst

uyhnJmkuTgD

Files Written:

%APPDATA%\mskrnl

%APPDATA%\winserv.exe

%APPDATA%\AdobeFlashPlayer\mswinsvc.exe

Static String (POST Request): zXqW9JdWLM4urgjRkX

Registry Keys:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\identifier

HKCU\ SOFTWARE \Microsoft\Windows\CurrentVersion\Run\Windows NT Service

User-Agent: Mozilla/4.0

URI(s): /aircanada/dark.php

1.55 “backoff”

Packed MD5: F5B4786C28CCF43E569CB21A6122A97E

Unpacked MD5: CA4D58C61D463F35576C58F25916F258

Install Path: %APPDATA%\AdobeFlashPlayer\mswinhost.exe

Mutexes:

Undsa8301nskal

uyhnJmkuTgD

Files Written:

%APPDATA%\mskrnl

%APPDATA%\winserv.exe

%APPDATA%\AdobeFlashPlayer\mswinhost.exe

%APPDATA%\AdobeFlashPlayer\Local.dat

%APPDATA%\AdobeFlashPlayer\Log.txt

Static String (POST Request): ihasd3jasdhkas

Registry Keys:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\identifier

HKCU\ SOFTWARE \Microsoft\Windows\CurrentVersion\Run\Windows NT Service

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0

URI(s): /aero2/fly.php

1.55 “goo”

Pa cked MD5: 17E1173F6FC7E920405F8DBDE8C9ECAC

Unpacked MD5: D397D2CC9DE41FB5B5D897D1E665C549

Install Path: %APPDATA%\OracleJava\javaw.exe

Mutexes:

nUndsa8301nskal

nuyhnJmkuTgD

Files Written:

%APPDATA%\nsskrnl

%APPDATA%\winserv.exe

%APPDATA%\OracleJava\javaw.exe

%APPDATA%\OracleJava\Local.dat

%APPDATA%\OracleJava\Log.txt

Static String (POST Request): jhgtsd7fjmytkr

Registry Keys:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\identifier

HKCU\ SOFTWARE \Microsoft\Windows\CurrentVersion\Run\Windows NT Service

User-Agent:

URI(s): /windows/updcheck.php

1.55 “MAY”

Packed MD5: 21E61EB9F5C1E1226F9D69CBFD1BF61B

Unpacked MD5: CA608E7996DED0E5009DB6CC54E08749

Install Path: %APPDATA%\OracleJava\javaw.exe

Mutexes:

nUndsa8301nskal

nuyhnJmkuTgD

Files Written:

%APPDATA%\nsskrnl

%APPDATA%\winserv.exe

%APPDATA%\OracleJava\javaw.exe

%APPDATA%\OracleJava\Local.dat

%APPDATA%\OracleJava\Log.txt

Static String (POST Request): jhgtsd7fjmytkr

Registry Keys:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\identifier

HKCU\ SOFTWARE \Microsoft\Windows\CurrentVersion\Run\Windows NT Service

User-Agent:

URI(s): /windowsxp/updcheck.php

1.55 “net”

Packed MD5: 0607CE9793EEA0A42819957528D92B02

Unpacked MD5: 5C1474EA275A05A2668B823D055858D9

Install Path: %APPDATA%\AdobeFlashPlayer\mswinhost.exe

Mutexes:

nUndsa8301nskal

Files Written:

%APPDATA%\AdobeFlashPlayer\mswinhost.exe

%APPDATA%\AdobeFlashPlayer\Local.dat

%APPDATA%\AdobeFlashPlayer\Log.txt

Static String (POST Request): ihasd3jasdhkas9

Registry Keys:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\identifier

HKCU\ SOFTWARE \Microsoft\Windows\CurrentVersion\Run\Windows NT Service

User-Agent:

URI(s): /windowsxp/updcheck.php

1.56 “LAST”

Packed MD5: 12C9C0BC18FDF98189457A9D112EEBFC

Unpacked MD5: 205947B57D41145B857DE18E43EFB794

Install Path: %APPDATA%\OracleJava\javaw.exe

Mutexes:

nUndsa8301nskal

nuyhnJmkuTgD

Files Written:

%APPDATA%\nsskrnl

%APPDATA%\winserv.exe

%APPDATA%\OracleJava\javaw.exe

%APPDATA%\OracleJava\Local.dat

%APPDATA%\OracleJava\Log.txt

Static String (POST Request): jhgtsd7fjmytkr

Registry Keys:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\identifier

HKCU\ SOFTWARE \Microsoft\Windows\CurrentVersion\Run\Windows NT Service

HKLM\ SOFTWARE \Microsoft\Windows\CurrentVersion\Run\Windows NT Service

HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components\{B3DB0D62-B481-4929-888B-49F426C1A136}\StubPath

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{B3DB0D62-B481-4929-888B-49F426C1A136}\StubPath

User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0

URI(s): /windebug/updcheck.php

Impact

The impact of a compromised PoS system can affect both the businesses and consumer by exposing customer data such as names, mailing addresses, credit/debit card numbers, phone numbers, and e-mail addresses to criminal elements. These breaches can impact a business’ brand and reputation, while consumers’ information can be used to make fraudulent purchases or risk compromise of bank accounts. It is critical to safeguard your corporate networks and web servers to prevent any unnecessary exposure to compromise or to mitigate any damage that could be occurring now.

Solution

At the time this advisory is released, the variants of the “Backoff’ malware family are largely undetected by anti-virus (AV) vendors. However, shortly following the publication of this technical analysis, AV companies will quickly begin detecting the existing variants. It’s important to maintain up‐to‐date AV signatures and engines as new threats such as this are continually being added to your AV solution. Pending AV detection of the malware variants, network defenders can apply indicators of compromise (IOC) to a variety of prevention and detection strategies.[7],[8],[9] IOCs can be found above.

The forensic investigations of compromises of retail IT/payment networks indicate that the network compromises allowed the introduction of memory scraping malware to the payment terminals. Information security professionals recommend a defense in depth approach to mitigating risk to retail payment systems. While some of the risk mitigation recommendations are general in nature, the following strategies provide an approach to minimize the possibility of an attack and mitigate the risk of data compromise:

Remote Desktop Access

  • Configure the account lockout settings to lock a user account after a period of time or a specified number of failed login attempts. This prevents unlimited unauthorized attempts to login whether from an unauthorized user or via automated attack types like brute force.[10]
  • Limit the number of users and workstation who can log in using Remote Desktop.
  • Use firewalls (both software and hardware where available) to restrict access to remote desktop listening ports (default is TCP 3389).[11]
  • Change the default Remote Desktop listening port.
  • Define complex password parameters. Configuring an expiration time and password length and complexity can decrease the amount of time in which a successful attack can occur.[12]
  • Require two-factor authentication (2FA) for remote desktop access.[13]
  • Install a Remote Desktop Gateway to restrict access.[14]
  • Add an extra layer of authentication and encryption by tunneling your Remote Desktop through IPSec, SSH or SSL.[15],[16]
  • Require 2FA when accessing payment processing networks. Even if a virtual private network is used, it is important that 2FA is implemented to help mitigate keylogger or credential dumping attacks.
  • Limit administrative privileges for users and applications.
  • Periodically review systems (local and domain controllers) for unknown and dormant users.

Network Security

  • Review firewall configurations and ensure that only allowed ports, services and Internet protocol (IP) addresses are communicating with your network. This is especially critical for outbound (e.g., egress) firewall rules in which compromised entities allow ports to communicate to any IP address on the Internet. Hackers leverage this configuration to exfiltrate data to their IP addresses.
  • Segregate payment processing networks from other networks.
  • Apply access control lists (ACLs) on the router configuration to limit unauthorized traffic to payment processing networks.
  • Create strict ACLs segmenting public-facing systems and back-end database systems that house payment card data.
  • Implement data leakage prevention/detection tools to detect and help prevent data exfiltration.
  • Implement tools to detect anomalous network traffic and anomalous behavior by legitimate users (compromised credentials).

Cash Register and PoS Security

  • Implement hardware-based point-to-point encryption. It is recommended that EMV-enabled PIN entry devices or other credit-only accepting devices have Secure Reading and Exchange of Data (SRED) capabilities. SRED-approved devices can be found at the Payment Card Industry Security Standards website.
  • Install Payment Application Data Security Standard-compliant payment applications.
  • Deploy the latest version of an operating system and ensure it is up to date with security patches, anti-virus software, file integrity monitoring and a host-based intrusion-detection system.
  • Assign a strong password to security solutions to prevent application modification. Use two-factor authentication (2FA) where feasible.
  • Perform a binary or checksum comparison to ensure unauthorized files are not installed.
  • Ensure any automatic updates from third parties are validated. This means performing a checksum comparison on the updates prior to deploying them on PoS systems. It is recommended that merchants work with their PoS vendors to obtain signatures and hash values to perform this checksum validation.
  • Disable unnecessary ports and services, null sessions, default users and guests.
  • Enable logging of events and make sure there is a process to monitor logs on a daily basis.
  • Implement least privileges and ACLs on users and applications on the system.

References

Revision History

  • July, 31 2014 – Initial Release
  • August 18, 2014 – Minor revision to remote desktop solutions list
  • August 22, 2014 – Changes to the Overview section

£9 million available funding for future of Maritime Autonomous Systems

The UK’s Ministry of Defence (MOD) is making £9 million available to support the future of Maritime Autonomous Systems (MAS).

The funding is available through four initiatives, each addressing different areas of maritime autonomy:

Autonomous Systems Underpinning Research (ASUR)
This competition for unmanned system enablers for all environments will award projects of around £250,000 each for a total worth £1.5 million. It is sponsored by Dstl (Defence Science and Technology Laboratory)

Adaptive Autonomous Ocean Sampling Networks
This Small Business Research Initiative (SBRI) competition will address the tracking of dynamic maritime features with unmanned vehicles. It will award projects of around £250,000 for a total £1.5 million available. It is sponsored by the Natural Environment Research Council and Dstl.

Maritime Autonomous Systems (MUxV) Technology
This competition is dedicated to Underwater Unmanned Vehicles (UUVs) and Unmanned Surface Vehicles (USVs) for defence applications. Sponsored by Solent Local Enterprise Partnership, it is directed at SMEs in the Solent, whose projects can receive up to £75,000 for a total available funding of £1 million.

Towards Excellence in Maritime Autonomous Systems
Aimed at Maritime Unmanned Vehicles for defence and civil applications, this competition will award projects of £500,000 – £1.5 million, with an available total of £5 million sponsored by the UK’s Technology Strategy Board and Dstl.

“The opportunities presented by Maritime Autonomous Systems are very exciting,” said Philip Smith, Affordable Maritime Presence programme manager at Dstl.

“However if we are to fully exploit these opportunities we need to invest in key areas such as Supervised Autonomy and Deployment & Recovery in order to meet future requirements and position the UK as a world leader in next generation Maritime Mission Systems.

Read more: http://thedigitalship.com/news/maritime-software/item/3353-9-million-available-funding-for-future-of-maritime-autonomous-systems#ixzz3BAreoGuS

Admiralty Information Overlay added to Sperry ECDIS

· Tuesday, 19 August 2014 | Electronics & Navigation

AIO-compatible ECDIS shown in operation off the coast of New Zealand

The VisionMaster FT (VMFT) software used in Sperry Marine ECDIS equipment will now include the Admiralty Information Overlay (AIO) as an integral element of its navigation system, the company has announced.

AIO is a free service included with the Admiralty Vector Chart Service (AVCS), making additional chart information available to ships’ navigators, such as worldwide Temporary and Preliminary Notices to Mariners (T&P NMs) to be used in conjunction with ENCs.

The UKHO says that AIO is also the only service to include ENC Preliminary Notices to Mariners (EPNMs), the result of the Admiralty Assurance Programme, a review of the world’s ENCs undertaken by the UKHO to identify and resolve significant differences between ENCs and existing paper charts.

“With Northrop Grumman Sperry Marine’s AIO-compatible ECDIS, we enable our customers to plan and execute updated routes with increased safety and efficiency,” said Jeanne A. Usher, managing director, Northrop Grumman Sperry Marine.

Read more: http://thedigitalship.com/news/electronics-navigation/item/3366-admiralty-information-overlay-added-to-sperry-ecdis#ixzz3BAple3gx

International Maritime Bureau (IMB) issues ‘cyber piracy’ warning

The International Maritime Bureau (IMB) has issued a statement warning of the increasing threat of cyber-attacks against the shipping industry, fearing that the sector could become the ‘next playground for hackers’.

In a statement on its website IMB says that “Recent events have shown that systems managing the movement of goods need to be strengthened against the threat of cyber-attacks.”

“It is vital that lessons learnt from other industrial sectors are applied quickly to close down cyber vulnerabilities in shipping and the supply chain.”

The Bureau notes that the threat of cyber-attacks in maritime has grown, with cyber security experts highlighting the dangers posed by criminals targeting carriers, ports, terminals and other transport operators, while the growing sophistication of the IT systems used in shipping has introduced new vulnerabilities.

The statement also references a speech recently given by the TT Club’s insurance claims expert Mike Yarwood at the TOC Container Supply Chain Europe conference in London, who said, “We see incidents which at first appear to be a petty break-in at office facilities. The damage appears minimal – nothing is physically removed.”

“More thorough post incident investigations however reveal that the ‘thieves’ were actually installing spyware within the operator’s IT network.”

IMB says that Mr Yarwood also spoke about a new trend whereby individual workers’ personal devices were being targeted, to gather data on routing patterns and to extract information such as release codes for containers from terminal facilities or passwords to discover delivery instructions.

“In instances discovered to date, there has been an apparent focus on specific individual containers in attempts to track the units through the supply chain to the destination port,” said Mr Yarwood.

“Such systematic tracking is coupled with compromising the terminal’s IT systems to gain access to, or generate release codes for specific containers. Criminals are known to have targeted containers with illegal drugs in this way; however such methods also have greater scope in facilitating high value cargo thefts and human trafficking.”

IMB also notes that accounting firm KPMG has added its voice to the debate, warning that hackers are the new open sea pirates, referencing Wil Rockall, a director in the organisation’s cyber security team.

Mr Rockall says that the cyber security of maritime control systems are controlled by engineers and not chief information security officers (CISOs) or chief information officers (CIOs), and as a result are lacking security controls and are vulnerable to hackers.

“Most ports and terminals are managed by industrial control systems which have, until very recently, been left out of the CIO’s scope. Historically, this security has not been managed by company CISOs and maritime control systems are very similar,” he said.

“As a consequence, the improvements that many companies have made to their corporate cyber security to address the change in the threat landscape over the past three to five years have not been replicated in these environments. Instead engineers have often been left to implement and manage these systems – people who focus normally on optimising processes efficiency and safety, not cyber and security risks. It has meant that many companies and their clients are sailing into uncharted waters when they come to try and manage these risks.”

“We have found that one of the main blockers in improving this is a real translation problem when corporate IT security teams attempt to impose their standards on industrial control systems or maritime control systems. KPMG’s work with the operator of one of the largest fleets of crude oil and oil products tankers and liquefied natural gas carriers in the world, found that bridging that gap and coming up with pragmatic solutions to improve industrial control systems security without compromising process efficiency or safety, are vital to the success of industrial control systems cyber risk management.”

Read more: http://www.thedigitalship.com/news/maritime-software/item/3369-imb-issues-cyber-piracy-warning#ixzz3BApN0OxE

La disposición 1108/13 y sus consecuencias en el comercio exterior de la región

El Consejo Directivo y el Consejo Consultivo del El EN.A.P.RO., manifiestan su profunda preocupación por los impactos producidos sobre el puerto de Rosario debido a la aplicación de la disposición 1108/13 de La Subsecretaria de Puertos y Vías Navegables de la Nación.

La resolución impide que las cargas de exportación originadas en puertos argentinos, sean transbordadas en puertos de países que, aunque formen parte del MERCOSUR, no tengan acuerdos de transporte marítimo de cargas con la República Argentina.

Como es de público conocimiento, salvo Paraguay y Brasil, el resto de los países del MERCOSUR no tienen acuerdos de transporte, por lo que en la práctica las cargas originadas desde el puerto de Rosario quedaron imposibilitadas de ser transbordadas en el Puerto de Montevideo.

Previo a la entrada en vigencia de dicha resolución, noviembre de 2013, el Puerto de Rosario contaba con conexiones regulares de transporte por agua con el Puerto de Navegantes (Brasil), el puerto de Buenos Aires vía barcaza y dos líneas regulares con el Puerto de Montevideo, salida que por su regularidad y servicio era elegida por cargadores locales.

Las razones por las cuales el gobierno nacional impulso esta disposición se basaban específicamente en propiciar que la logística de las cargas se direccione a los puertos nacionales, impulsando el uso de flotas de bandera nacional. Sin embargo, a casi 10 meses de su entrada en vigencia, podemos destacar que las consecuencias de su aplicación tiene un impacto altamente negativo, no habiendo logrado el objetivo planteado. En lo que específicamente concierne al Puerto de Rosario ha afectado de manera sustancial la conectividad fluvio-marítima del Puerto.

Tal como lo advertimos en su momento, si lo que se perseguía era evitar que la mayoría de las cargas de los puertos fluviales hagan transbordo en puertos de países limítrofes, esta disposición no ha sido la solución ya que en el caso del Puerto de Rosario los cargadores actualmente optan por sacar sus productos a través del Puerto de Navegantes (operado por una naviera internacional), o bien, transportan por tierra sus productos hasta el Puerto de Buenos Aires, lo que ocasiona mayor concentración de camiones en las rutas y no representa ningún impulso ni beneficio para la flota de bandera nacional. Un claro ejemplo de lo mencionado anteriormente es la reciente confirmación de la suspensión del servicio regular que conectaba el Puerto de Rosario con el de Buenos Aires a través de embarcaciones de bandera nacional.

En cuanto a las razones que se han esgrimido, es importante destacar que el EN.A.P.RO. siempre sostuvo e impulsó la necesidad de contar con una buena conexión fluvial con el Puerto de Buenos Aires, no como una salida exclusiva pero si en línea con la idea de que Argentina requiere de una matriz de transporte que tenga un Puerto hub dentro de en su territorio. Motivo que nos ha llevado a suscribir un acuerdo con el puerto de Buenos Aires a los efectos de mejorar la operación de las embarcaciones de cabotaje originadas en Rosario en las operaciones de transbordo para mejorarlas en tiempos y eficiencia operativa, a la par de haber gestionado insistentemente una modificación en la practicas aduaneras para que los manifiestos de exportación se expidan en los puertos de origen.

Por otra parte, el EN.A.P.RO. manifiesta su interés y apoyo por el desarrollo de una flota mercante de bandera nacional, y de la industria naval y el trabajo de los argentinos en las distintas actividades vinculadas a la navegación.

Por consiguiente es importante resaltar que la discordancia con la disposición no la centramos en las razones que explícitamente se esgrimieron, sino en las consecuencias que la medida trae como resultado de su aplicación, sumado a que su implementación fue llevada a cabo de manera arbitraria e intempestiva.

En consecuencia, quienes suscribimos, entendemos que la medida avanza sobre la economía de la región, complica la integración regional y del MERCOSUR, es el resultado de la negación de diálogo previo a las medidas, además de ser centralista en su concepción.

En vista a los fundamentos y consideraciones aquí vertidas, reclamamos con carácter de urgencia la suspensión de la resolución y la apertura de un espacio de diálogo para llegar a consensos beneficiosos para la logística regional, los exportadores argentinos y la actividad del puerto de Rosario.