Ransomware attacks against the shipping and logistics industry have tripled within the past year. Cybercriminals target the worldwide supply chain in an attempt to earn money from ransom payments. Analysis by cybersecurity company BlueVoyant found that ransomware attacks are increasingly targeting shipping and logistics firms. These attacks have inreased when the worldwide COVID-19 pandemic means their services are required more than ever before.
Ransomware attacks became a serious cybersecurity problem for each industry. But a successful attack against a logistics company could potentially mean chaos – and a particularly lucrative payday for attackers.
The nature of the industry and therefore the potential impact of how disruption can affect all of the availability chains might mean that an affected organization pays the ransom demand. Perceiving it to be the quickest, best way of restoring the network – despite enforcement and cybersecurity experts warning victims that they shouldn’t encourage cybercriminals by paying ransoms.
“Shipping and logistics companies are large businesses that are sensitive to disruption. This makes them perfect targets for ransomware gangs”. Thomas Lind, co-head of intelligence at BlueVoyant, told ZDNet.
2017’s NotPetya cyberattack demonstrated the quantity of disruption which will occur in these scenarios when shipping firm Maersk had vast swathes of its network of tens of thousands of devices across 130 counties encrypted and knocked offline in an event that cost many millions in losses.
But despite this status cyber event demonstrating the necessity permanent cybersecurity strategy, consistent with BlueVoyant’s report. Shipping and logistics companies got to “dramatically” improve IT hygiene and email security. This will form networks more resilient against ransomware and other cyberattacks.
That includes fixing vulnerabilities in remote desktops or ports, something that 90% of the organizations studied within the research were found to possess. Vulnerabilities in RDP systems like unpatched software or using default or common login credentials can provide cyber attackers with relatively simple access to networks.
“When unsecured, ransomware attackers are ready to gain access to a system then move laterally so as to most effectively compromise and lockdown a target network,” said Lind.
“Companies aren’t adequately securing themselves. And that we haven’t seen any industry with worse protections in place than supply chain and logistics.”
In some cases, it is not ransomware groups that are breaching logistics and shipping companies. But merely opportunistic cybercriminals who know they’ll be ready to sell the credentials on for others to use to commit attacks.
Shipping and logistic companies have vast networks – but there are cybersecurity procedures that will improve their defenses against cyberattacks. These include securing port and network configuration in order that default or easy-to-guess credentials aren’t used. And where possible, secure the accounts with two-factor authentication.
According to Lind, “Ransomware gangs don’t hide what they’re doing. They hit remote desktop protocol (RDP) and other remote desktop ports. Especially during a time when many companies found out remote desktops for remote workers. This is often a critical issue”.
Organizations should also update and patch software in a timely manner. In this way, cybercriminals can’t cash in on known vulnerabilities to realize access to networks.