
One of the lingering impacts of the COVID-19 pandemic is the havoc it has wreaked on the global supply chain. There have been extreme fluctuations in the availability of goods, ports around the world are severely backlogged with full containers, and shipping and logistics companies are having trouble finding workers to transport cargo. It is a precarious situation for this sector, especially as the holiday season approaches.
With things as volatile as they are, a cybersecurity crisis at one of these logistics and shipping companies could have a calamitous impact on the global consumer economy. Over the past few months, Intel 471 has observed network access brokers selling credentials or other forms of access to shipping and logistics companies on the cybercrime underground. These companies operate air, ground and maritime cargo transport on several continents and are responsible for moving billions of dollars' worth of goods around the world.
The actors responsible for selling these credentials range from newcomers to the most prolific network access brokers that Intel 471 tracks. These actors have obtained these credentials by leveraging well-known vulnerabilities in remote access solutions like Remote Desktop Protocol (RDP), VPN, Citrix, and SonicWall, among others.
Among the advertisements observed by Intel 471:
The world has previously seen the economic damage that can come from a cyber attack on the shipping and logistics industry. The NotPetya attack in 2017 devastated Danish shipping and maritime giant Maersk, shutting down several of its ports and costing the company $300 million to replace systems damaged by the malware. Adam Banks, head of technology at Maersk, told a business publication in 2019 that “there was 100 [percent] destruction of anything based on Microsoft that was attached to the network.”
We have seen attackers try to go after ports this year. In August, suspected foreign government-backed hackers breached a computer network at the Port of Houston, one of the largest ports on the U.S. Gulf Coast. However, early detection of the incident thwarted any attempts to impede business operations.
Those two incidents show that the logistics industry is constantly targeted, and that a cyberattack can have a crippling ripple effect on the global economy. At a time when this sector is struggling to keep things operating, a successful attack could bring this industry to a screeching halt, resulting in unforeseen dire consequences for every part of the consumer economy. It is extremely beneficial for security teams in the shipping industry to monitor and track adversaries, their tools and malicious behavior to stop attacks from these criminals. Proactively addressing vulnerabilities in times of high alert avoids further stress on already constrained business operations.