
Category: Supply Chain Trends and Issues

Supply Chain News: Increased Selling of Log In Credentials for IT Systems of Logistics Firms to Bad Actors


Security Firm Intel 471 Seeing Lots of Black Market Actions by Sellers and Buyers of Log In Data

Oct. 27, 2021
SCDigest Editorial Staff

In 2017, container shipping giant Maersk Line was hit by a cyber attack that locked access to systems that Maersk uses to operate shipping terminals all over the world - and took two weeks to fix.

That attack cost the company as much as $300 million, though for the most part containers kept moving.


We can probably expect more of this logistics hacking.

In a recent blog post, cyber security firm Intel 471 said that there is a growing black market for login credentials for access to IT systems of logistics-related companies.

“Over the past few months, Intel 471 has observed network access brokers selling credentials or other forms of access to shipping and logistics companies on the cybercrime underground,” Intel 471 commented, adding “These companies operate air, ground and maritime cargo transport on several continents that are responsible for moving billions of dollars’ worth of goods around the world.”

The blog noted that the actors responsible for selling these credentials range from newcomers to the most prolific “network access brokers” - bad guys - that Intel 471 tracks.

Among the advertisements recently observed by Intel 471:

Within the span of two weeks in July 2021, one new actor and one well-known access broker claimed to have access to a network owned by a Japanese container transportation and shipping company.

The well-known actor claimed to have access to several accounts belonging to the company, but did not reveal how they were obtained.

In August 2021, one actor known to work with groups that have deployed Conti ransomware claimed access to corporate networks belonging to a US-based transportation management and trucking software supplier and a US-based commodity transportation services company.

In September 2021, an actor with ties to the FiveHands ransomware group claimed access to hundreds of companies, including a UK-based logistics company. Additionally in September, a new actor claimed to have gained access to a Bangladesh-based shipping and logistics company.

In October 2021, a newcomer to a well-known cybercrime forum claimed access to the network of a US-based freight forwarding company, alleging that he had local administrator rights and could access 20 computers on the company’s network.

It’s a lucrative business for the bad guys.

“A key cog in the cybercriminal underground is the interdependency between those who specialize in selling credentials and those looking to launch ransomware attacks,” Greg Otto, a researcher at Intel 471, told the Washington Examiner. “The astronomical growth in ransom payments has helped access merchants put a premium on their services.”

Ransomware gangs have gone from earning five- and six-figure payouts in recent years to demanding seven- or eight-figure payouts more recently, Otto added, saying that the higher demands are “partly due to the need to pay off actors that have helped them obtain access to the victim's system.”

The cybercrime chain is not a “one-criminal show,” Eddy Bobritsky, CEO of Minerva Labs, a cybersecurity vendor, also told the Examiner. “It is a wide web of people, teams, and organizations throughout the world, and every one of them has his contribution to a successful attack. Stealing credentials is only the first step. Those criminals get paid and do not care what happens with the data.”

The many people still working often or always at home significantly increase the risk, experts say. It is comparatively very easy for criminals to steal credentials when employees are connecting to a company’s network from devices that aren’t managed by corporate security systems.

In addition to the potential financial costs from the loss of operating capability in a ransomware attack, such attacks could also trigger impactful supply chain disruptions for companies that have freight moved but weren’t directly hit by the cyber attacks.

What is your take on these developments? Let us know your thoughts at the Feedback section below.






