Cybercriminals selling access to shipping, logistics firm networks, report warns
Cybercriminals have attempted to sell network access to multiple transportation, logistics and shipping companies in recent months, highlighting the risk of devastating ransomware attacks in the supply chain, a new report warns.
Intel 471, a cybercrime intelligence firm, observed seven instances since July of brokers advertising network credentials or other types of network access. The companies affected consist of a Japanese container shipping provider, a U.S. transportation management and software firm, a U.S. freight forwarder, a U.S. commodities transportation firm, and logistics providers in the U.K., Malaysia and Bangladesh.
Intel 471 did not name the companies but said they “operate air, ground and maritime cargo transport on several continents that are responsible for moving billions of dollars worth of goods around the world.”
Greg Otto, a researcher at Intel 471, told , “It’s not a great time to be messing with these companies when they’re already up against it in terms of what’s going on in the global supply chain.”
Hackers can use network access to stage ransomware attacks. The report warns that the results could be catastrophic.
“A successful attack could bring this industry to a screeching halt, resulting in unforeseen dire consequences for every part of the consumer economy,” the report states.
The potential sale of network access represents an early warning that the companies could be targeted in ransomware attacks, which can cripple operations through the encryption of data. Hackers can use network credentials to infiltrate systems and deploy ransomware.
“That’s really when alarm bells should go off that a ransomware attack might be imminent,” Otto said.
Companies in supply chain regularly targeted in ransomware attacks
Companies in the supply chain are regularly targeted in ransomware attacks. Marten Transport, a large U.S. trucking company, was hit in a cyberattack in October that significantly disrupted operations, resulting in data theft. A ransomware gang claimed responsibility for the incident, though Marten hasn’t explicitly said it was the victim of a ransomware attack.
The Port of Houston was also targeted in a cyberattack in August. Port officials said the maritime facility successfully defended itself and avoided any impacts to its operations.
Cybercriminals have been hitting companies in the supply chain for years. Intel 471 pointed to a 2017 cyberattack on Maersk that cost the firm hundreds of millions of dollars and disrupted operations across the world.
The instances of companies’ network access being sold by cybercriminals, flagged in the report, also point to security vulnerabilities. The criminals obtained the network credentials through widely known vulnerabilities in remote access solutions including Remote Desktop Protocol, Citrix and SonicWall, according to Intel 471.
Hackers commonly take advantage of known vulnerabilities in systems – which could have been addressed if the companies had patched the exploited software.
“If there’s a hole and they haven’t gone through patching yet, they’re just vulnerable no matter if they’re a billion-dollar company or a small million-dollar regional company,” Otto said.