The Logistics Supply Chain is Being Targeted by Both Cybercriminals and Nation States

The cybersecurity supply chain threat increasingly goes beyond the delivery of software to include the global delivery of physical goods

Attacks against the supply chain have been growing in quantity and gravity for several years, culminating in SolarWinds. Most discussion has focused on the software supply chain, but a new study shows that the physical logistics supply chain is equally subject, and susceptible, to cyberattacks.

The Covid-19 pandemic has increased and highlighted the world’s reliance on logistics, which is the physical movement of goods from one location to another. At one level, the safe distribution of Covid-19 vaccines from manufacturing points often in Europe to all around the world is vital to the health of entire populations.

At another level, the increased working from home and changes to shopping habits caused by numerous lockdowns have spurred the shift from high street to online shopping. Online shopping means that purchases can be selected from anywhere in the world rather than just what is available in the local shops – and the reliance on logistics to deliver these goods has grown.

A new report highlights that the logistics industry is not only susceptible to cyberattacks, it is already in the sights of the attackers. 

The attacks are not limited to ransomware, but ransomware is the most common and most disruptive weapon. It can be, and is, used by cybercriminal gangs for extortion and by nation-state groups for geopolitical disruption.

The potential for ransomware in logistics attacks was highlighted by the accidental disruption of Danish shipping giant Maersk by NotPetya in 2017. NotPetya is believed to have originated as a cyberattack by Russian sources against Ukraine, but to have escaped from Ukraine to cause massive damage globally.

Maersk’s operations came to a standstill. It cost the company $250 to $300 million, and it required the re-installation of 50,000 computers. Since then, there have been numerous direct ransomware attacks against other shipping companies – including MSC, Australia’s Toll (at least twice), France’s CMA CGM, and COSCO.

According to today’s BlueVoyant report (PDF), logistics firms can now expect an average of one month’s disruption every 3.7 years; 72% of logistics firms have suffered from disruptions; and there were 290 attacks against supply chain firms in 2019 alone. The attacks against maritime companies and organizations are against both IT and OT networks, with the latter having potential for the greater disruption. OT attacks have grown from 50 in 2017 to around 500 in 2020 – an increase of 900% in three years.

“Shipping and logistics are vulnerable as a sector because they are targeted both by nation-state groups as well as cybercriminals. Geopolitical tensions can be disruptive and spark attacks or interference in shipping businesses, such as incidents resulting from issues like Brexit and ongoing US-China trade disputes,” warns the report. In May 2020, the Washington Post reported that Iran’s Shahid Rajaee port terminal was taken offline by an attack thought to have originated from Israel.

“Maritime shipping, which is more OT reliant, has in the last three years been heavily and successfully attacked in no small part due to the sector’s reliance on outdated OT infrastructure,” Thomas Lind, BlueVoyant’s co-head of strategic intelligence, and a former cybersecurity fellow at Columbia University, told SecurityWeek. “I think those attacks are coming more usually from sophisticated actors – so there are many maritime shipping attacks that have been loosely attributed to Chinese APT groups operating against South China Sea shipping and freight.”

BlueVoyant’s analysts took a close look at incoming and outgoing traffic for 20 of the leading logistics firms. They found that 16 of the companies had evidence of brute force attacks; 14 had received targeted attacks using proxy networks; and all 20 received traffic from known botnets. Outgoing, 10 of the companies were generating traffic to blocklisted/deny listed assets (seven of which reached out to suspicious infrastructure); and one of the companies generated traffic to assets known to be associated with ransomware.

“What surprised me most in this analysis,” said Lind, “was the distribution of vulnerabilities across the whole logistics sector. Vulnerabilities weren’t concentrated in IT or OT, in shipping or trucking; it was everyone.”

“NotPetya,” says the BlueVoyant report, “was an especially damaging case, and subsequent coverage of Maersk’s experience has implied that it was spectacular enough to serve as a wake-up call for the logistics industry. More than three years later, the sector remains vulnerable to malicious cyber activity, and especially and specifically vulnerable to ransomware attacks.”

It is clear the cybersecurity supply chain threat increasingly goes beyond the delivery of software to include the global delivery of physical goods. But there is a new emerging threat vector that will also need to be considered in the future: driverless delivery by truck and rail.

“We’re going to see increasing automation across all parts of the logistics supply chain,” Lind told SecurityWeek. “Most immediately it is going to be in trucking freight, both land and rail. Any time you increase the number of smart devices – including vehicles – you increase the attack surface. The problem is, I’m not seeing the logistics companies getting out ahead of this issue – their cybersecurity hygiene is pretty poor and they’re not developing a common set of practices. How bad this will become may depend on the effect of government policy. Cybersecurity will need to be built in at the manufacturing phase. If the companies don’t do this, they’re going to face a hard reckoning when government policy orders come into effect.”

What is clear is that there will be a new wave of logistics cyberattacks against both individual driverless trucks and fleets of them.

New York-based BlueVoyant was founded in 2017 by Jim Rosenthal (CEO) and Thomas Glocer. It provides managed security services based on threat intelligence, and has raised a total of $275.5 in three funding rounds.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
