Cyber pirates targeting logistics and transportation companies

by John Callon

In June of 2017, the logistics and transport industry experienced a ‘first’ when almost 80 ports and terminals around the globe either came to a standstill or experienced significant delays, including the Port of New York and New Jersey, the Port of Los Angeles, the port of Rotterdam (Europe’s largest), and the port near Mumbai—India’s largest container port. 

This now infamous ransomware attack on the shipping company A.P. Moller-Maersk cost the company an estimated $300 million. And with no way to clean the infected computer systems, Maersk had to rebuild a significant portion of its IT infrastructure, installing over 50,000 new PCs, servers, and applications over the next two weeks. 

This attack was anything but isolated, as the nature of the logistics and transportation industry is attracting specific focus from phishing and malware authors. Things like the digitisation of logistics information, internet-based operational processes, a variety of companies using different technological systems (some of which might be extremely outdated), and a heavily dispersed mobile workforce create specific conditions which can be leveraged by cybercriminals.

Both large and small logistics and transportation companies are at risk

While such attacks on Maersk, along with other large transport companies like TNT Express (of FedEx) and Delta Airlines, garner headlines, the long list of attacks targeted at logistics and transport is frequently aimed at lower profile small-to-mid-sized companies like Clarksons (a London-based ship broker). Employing approximately 1,500 people worldwide, in 2017 Clarksons found that a hacker had gained unauthorized access to the company’s computer systems, requiring Clarksons to contact clients and individuals whose confidential data may have been leaked in the breach.

Smaller companies often play a key role in the larger logistics and transportation cycle, and research bears out the fact that, as far as cybercriminals are concerned, small- to mid-sized businesses, including those in logistics and transportation, are a significant target. The 2018 Verizon Data Breach Investigations Report shows that smaller businesses are more likely to be the target of cybercrime 58% of the time. A 2016 cybersecurity survey of maritime-related businesses by IHS Markit/BIMCO found that almost 60% of respondents had been a victim of a cyberattack. Respondents included shipowners, ship managers, trade organizations, regulators, port authorities, maritime service providers, equipment providers, and shipyards. 

Complex supply chain increases risk

Logistics and transportation companies of all sizes also tend to have geographically wide-reaching and diverse supply chain connections which significantly increase attack impact—the distribution of a single container will likely involve information and goods transfer with at least ten different stakeholders, including the shipper, the consignee, a shipping line, origin and destination ports, a trucking company, and banks, as well as customs and border authorities if the item is shipped outside the country. It is this interaction between large and small companies in the logistics cycle that contributes to the attack process. For example, in the 2017 Maersk attack, it wasn’t only maritime ports and container vessels that were affected. Trucks destined for inland facilities were held up for hours and even days at various ports waiting for the systems to come back online so they could process and receive or deliver their shipments, the effect of which spiraled and delayed product distribution for extended periods of time.

And, while we’re on the topic of complex supply chains and the Maersk attack, it is interesting to note that researchers and experts in the cybersecurity industry speculate that Maersk may not have even been one of the intended targets. While the NotPetya malware bore a superficial resemblance to “Petya”, an older type of ransomware, it appears that NotPetya had a more ominous objective in mind. As the attack on Maersk progressed, IT experts found that the attack perpetrators appeared to have little interest in collecting the ransom. There was also no way to generate keys to unlock systems. Since the initial phases of the attack were focused on businesses in the Ukraine (it is believed that a hacked version of a popular Ukrainian accounting program was used to distribute NotPetya), analysts have suggested that it may have been a state-sponsored attack on the Ukraine, and other organisations—like Maersk—were simply collateral damage in the wider complex supply chain.

Regardless of the type of hack or the political or monetary aspirations of the attackers, ultimately, it is the multitude of stakeholders, all potentially operating in different time zones, using disparate and potentially unprotected software and mobile devices, that creates cracks in the logistics and transportation supply chain foundation, enabling criminals to attack and breach businesses. According to a 2017 study by the Ponemon Institute, 56% of large breaches were the direct result of an initial breach into a third-party/supply-chain vendor.

The industry’s best efforts aren’t working

Research suggests that transport and logistics companies may simply not be taking security seriously enough. Studies within both the logistics/transportation industry and among businesses in general found low levels of cybersecurity related to very basic elements, such as easy-to-guess passwords, the reuse of the same password between different systems, and numerous unpatched vulnerabilities. A new survey by LogMeIn found that while 91% of business users in the United Kingdom, United States, Australia, France, and Germany claim to understand the risks of password reuse across multiple accounts, almost 60% said they went ahead and did so anyway! And, more than half admitted that they hadn’t changed their passwords in more than a year.

Concerns for business interruption and significant financial loss

Logistics and transportation companies are heavily reliant on delivery schedules to ensure profitability and customer satisfaction. It only takes one ransomware or malware attack to have a detrimental effect on logistics schedules, including system shutdowns and potentially significant delays in deliveries. This, in turn, leads to financial consequences, including a reduction in fees or fines for delayed delivery. Phishing in the form of business email compromise (BEC) attacks also often racks up significant financial loss. According to the FBI’s 2016 Internet Crime Report, BEC scams in the United States cost victims hundreds of millions of dollars. And, in addition to direct financial damage, phishing and malware attacks can result in the loss of sensitive corporate information—including everything from customer email addresses to the birthdates and national insurance numbers for employees.

Cyber attacks are a business risk

Today’s logistics and transportation supply chain is only growing bigger and more complex. No business connected to the industry wants to be at the center of a major data breach with national or global implications. Ultimately, logistics and transportation companies need to view cyberattacks as a critical business risk, with significant financial and business implications. As such, web and email security need to be a key component of a business risk plan.

 
