In 2017, container shipping giant Maersk Line was hit by a cyber attack that locked access to systems that Maersk uses to operate shipping terminals all over the world - and took two weeks to fix.
That attack cost the company as much as $300 million, though for the most part containers kept moving.
We can probably expect more of this logistics hacking.
In a recent blog post, cyber security firm Intel 471 said that there is a growing black market for login credentials for access to IT systems of logistics-related companies.
“Over the past few months, Intel 471 has observed network access brokers selling credentials or other forms of access to shipping and logistics companies on the cybercrime underground,” Intel 471 commented, adding “These companies operate air, ground and maritime cargo transport on several continents that are responsible for moving billions of dollars’ worth of goods around the world.”
The blog noted that the actors responsible for selling these credentials range from newcomers to the most prolific “network access brokers” - bad guys - that Intel 471 tracks.
Among the advertisements recently observed by Intel 471:
Within the span of two weeks in July 2021, one new actor and one well-known access broker claimed to have access to a network owned by a Japanese container transportation and shipping company.
The well-known actor claimed to have access to several accounts belonging to the company, but did not reveal how they were obtained.
In August 2021, one actor known to work with groups that have deployed Conti ransomware claimed access to corporate networks belonging to a US-based transportation management and trucking software supplier and a US-based commodity transportation services company.
In September 2021, an actor with ties to the FiveHands ransomware group claimed access to hundreds of companies, including a UK-based logistics company. Additionally in September, a new actor claimed to have gained access to a Bangladesh-based shipping and logistics company.
In October 2021, a newcomer to a well-known cybercrime forum claimed access to the network of a US-based freight forwarding company, alleging that he had local administrator rights and could access 20 computers on the company’s network.
It’s a lucrative business for the bad guys.
“A key cog in the cybercriminal underground is the interdependency between those who specialize in selling credentials and those looking to launch ransomware attacks,” Greg Otto, a researcher at Intel 471, told the Washington Examiner. “The astronomical growth in ransom payments has helped access merchants put a premium on their services.”
Ransomware gangs have gone from earning five- and six-figure payouts in recent years to demanding seven- or eight-figure payouts more recently, Otto added, saying that the higher demands are “partly due to the need to pay off actors that have helped them obtain access to the victim's system.”
The cybercrime chain is not a “one-criminal show,” Eddy Bobritsky, CEO of Minerva Labs, a cybersecurity vendor, also told the Examiner. “It is a wide web of people, teams, and organizations throughout the world, and every one of them has his contribution to a successful attack. Stealing credentials is only the first step. Those criminals get paid and do not care what happens with the data.”
The large number of people still working often or always at home significantly increases the risk, experts say. It is comparatively very easy for criminals to steal credentials when employees are connecting to a company’s network from devices that aren’t managed by corporate security systems.
In addition to the potential financial costs from a ransomware attack or loss of operating capability, such attacks could also trigger impactful supply chain disruptions for companies that have freight moved but weren’t directly hit by the cyber attacks.
What are your thoughts on these developments? Let us know at the Feedback section below.