No honor among thieves

Cybercriminals and fraudsters have been quick to capitalize on the coronavirus pandemic

As the Covid-19 pandemic places increasing strain on the global supply chain, ransomware attacks on the logistics industry have rocketed.

A report published today (April 22) by security services provider BlueVoyant finds that last year saw three times as many ransomware attacks on shipping and logistics firms as in 2019.

The team also found evidence at most organizations of brute-force attacks, targeted attacks using proxy networks, traffic to blocklisted assets, and traffic coming from known botnets.

Time is money

“Shipping and logistics companies are large businesses that are highly sensitive to disruption, making them perfect targets for ransomware gangs,” Thomas Lind, BlueVoyant’s co-head of strategic intelligence, tells The Daily Swig.

“Any attacker looking for likely targets will be attracted to supply chain companies, which can’t afford to lose any time or access to systems, but which can afford ransoms to get operations back up and running as quickly as possible.”

And this has extended to companies involved in Covid-19 vaccine supply chains, with AmeriCold, which provides the specialized cold storage required for the Pfizer vaccine, hit with a ransomware attack last November.

Read more of the latest cyber-attack news from around the world

“The major eye-openers have been the attack on AmeriCold, which shows that attackers are actively tracing companies involved in vaccine development and distribution,” says Lind.

“We already knew this from our recent biotech and pharma report, which showed that attackers were disproportionately targeting vaccine development companies.

“But now they’re following the vaccine along supply chain lines, looking for businesses that are vulnerable and can’t afford to have their operations disrupted.”

Cybercriminals and fraudsters have been quick to capitalize on the coronavirus pandemic

Insufficient protection

But while every one of the companies surveyed said they’d seen evidence of threats to their network, nine out of ten were found to have open remote desktop or administration ports at IP addresses on their network.

Similarly, most showed insufficient email security, lacking basic DNS-based email security protocols – another major vulnerability to ransomware gangs.

RECOMMENDED Zero-day vulnerabilities in SonicWall email client led to network access, backdoors installed

Domains belonging to 14 of the 20 companies studied had no protection against phishing and spoofing attacks, 16 had devices running unsupported software on their networks, and half appeared to be running software with high-severity vulnerabilities on their servers.

These vulnerabilities weren’t concentrated on any one section of the supply chain, with almost every type of business surveyed showing evidence of remote desktop and email vulnerabilities. Shipping businesses, though, tended to be more reliant on outdated technologies.

Port in a storm

The single most important move that logistics companies should take, says Lind, is to secure networking ports.

“Ransomware gangs don’t hide what they’re doing – they hit remote desktop protocol and other remote desktop ports. Especially in a time when many companies set up remote desktops for remote workers, this is a critical issue,” he says.

“Second, use an email service or implement DNS-based email security to protect against phishing attacks.”

They should also, he says, make more effort to update and patch software.

INSIGHT Covid-19: How bug bounty programs helped secure some of the world’s leading track and trace apps

There is awareness of the problem in the US at least. An executive order signed by Donald Trump aimed at securing maritime shipping, another from Joe Biden in February covered supply chain and logistics, with a particular focus on delivery of Covid vaccines.

Meanwhile, points out Lund, “Biden’s infrastructure plan includes provisions for digital security that will doubtless affect supply chain companies”.

He added: “They should therefore get ahead of this by engaging with policymakers to identify low-cost, high-impact solutions to their cybersecurity concerns.”

YOU MIGHT ALSO LIKE Telecoms industry facing increased DDoS attacks, report warns