Cybercriminals Targeting Logistics and Transportation Companies

In June of 2017, the logistics and transport industry experienced a ‘first’ when almost 80 ports and terminals around the globe either came to a standstill or experienced significant delays, including the Port of New York and New Jersey, the Port of Los Angeles, the port of Rotterdam (Europe’s largest), and the port near Mumbai—India’s largest container port. 

This now infamous ransomware attack on the shipping company A.P. Moller-Maersk cost the company an estimated $300 million. And with no way to clean the infected computer systems, Maersk had to rebuild a significant portion of its IT infrastructure, installing over 50,000 new PCs, servers, and applications over the next two weeks.

There have been a number of attacks since then, such as the one on billion-dollar German logistics firm Hellmann Worldwide Logistics, which was hit with ransomware in December of 2021. Most recently, we also saw a targeted cyber attack on logistics operations company Expeditors International, which had to shut down its computer systems due to the incident.

What to Know About Cyber Attacks on the Logistics Industry

These attacks were anything but isolated, as the nature of the logistics and transportation industry is attracting specific focus from phishing and malware authors. According to CIPS, supply chain attacks rose by 42% in the first quarter of 2021 in the US, impacting up to seven million people. This affected 137 organizations that reported being hit by supply chain cyber attacks at 27 different third-party vendors.

Things like the digitization of logistics information, internet-based operational processes, a variety of companies using different technological systems (some of which might be extremely outdated), and a heavily dispersed mobile workforce create specific conditions which can be leveraged by cybercriminals.

Let’s take a look at what you should consider when thinking about the risk of a cyber attack on your business, especially as a logistics company.

Both Large & Small Logistics Companies are at Risk

While such attacks on Maersk, along with other large transport companies like TNT Express (of FedEx) and Delta Airlines, garner headlines, the long list of attacks targeted at logistics and transport is frequently aimed at lower-profile small-to-mid-sized companies like Clarksons (a London-based ship broker). Employing approximately 1,500 people worldwide, in 2017 Clarksons found that a hacker had gained unauthorized access to the company’s computer systems, requiring Clarksons to contact clients and individuals whose confidential data may have been leaked in the breach.

Smaller companies often play a key role in the larger logistics and transportation cycle, and research bears out the fact that, as far as cybercriminals are concerned, small- to mid-sized businesses, including those in logistics and transportation, are a significant target. 

According to Fundera, there was a 424% increase in new small business cyber breaches in 2021. These attacks, unfortunately, cost businesses more than $2.2 million a year, with 60% of small businesses that are victims of a cyber attack going out of business within six months.

Complex Supply Chain Increases Risk

Logistics and transportation companies of all sizes also tend to have geographically wide-reaching and diverse supply chain connections which significantly increase attack impact—the distribution of a single container will likely involve information and goods transfer with at least ten different stakeholders, including the shipper, the consignee, a shipping line, origin and destination ports, a trucking company, and banks, as well as customs and border authorities if the item is shipped outside the country. It is this interaction between large and small companies in the logistics cycle that contributes to the attack process. For example, in the 2017 Maersk attack, it wasn’t only maritime ports and container vessels that were affected. Trucks destined for inland facilities were held up for hours and even days at various ports waiting for the systems to come back online so they could process and receive or deliver their shipments, the effect of which spiraled and delayed product distribution for extended periods of time.

And, while we’re on the topic of complex supply chains and the Maersk attack, it is interesting to note that researchers and experts in the cybersecurity industry speculate that Maersk may not have even been one of the intended targets. While the NotPetya malware bore a superficial resemblance to “Petya,” an older type of ransomware, it appears that NotPetya had a more ominous objective in mind.

As the attack on Maersk progressed, IT experts found that the attack perpetrators appeared to have little interest in collecting the ransom. There was also no way to generate keys to unlock systems. Since the initial phases of the attack were focused on businesses in Ukraine (it is believed that the hacked version of a popular Ukrainian accounting program was used to distribute NotPetya), analysts have suggested that it may have been a state-sponsored attack on Ukraine, and other organizations—like Maersk—were simply collateral damage in the wider complex supply chain.

Regardless of the type of hack or the political or monetary aspirations of the attackers, ultimately, it is the multitude of stakeholders, all potentially operating in different time zones, using disparate and potentially unprotected software and mobile devices, that creates cracks in the logistics and transportation supply chain foundation, enabling criminals to attack and breach businesses. This is worrying business owners, and rightfully so. According to Supply Chain Quarterly, more than a third of organizations are worried about attacks that may compromise their supply chains. Ransomware events impacted supply chains heavily in 2021, causing widespread system downtime, economic loss, and reputational damage. The concern is felt across all industries, including government (+2000% in 2021), healthcare (+755%), education (+152%), and retail (+21%).

The Industry’s Best Efforts Aren’t Working

Research suggests that transport and logistics companies may simply not be taking security seriously enough. Studies within both the logistics/transportation industry and among businesses in general found low levels of cybersecurity related to very basic elements, such as easy-to-guess passwords, the reuse of the same password between different systems, and numerous unpatched vulnerabilities. A survey by LogMeIn found that while 91% of business users in the United Kingdom, United States, Australia, France, and Germany claim to understand the risks of password reuse across multiple accounts, almost 60% said they went ahead and did so anyway! And more than half admitted that they hadn’t changed their passwords in more than a year.

Business Interruption and Significant Financial Loss

Logistics and transportation companies are heavily reliant on delivery schedules to ensure profitability and customer satisfaction. It only takes one ransomware or malware attack to have a detrimental effect on logistics schedules, including system shutdowns and potentially significant delays in deliveries. This, in turn, leads to financial consequences, including a reduction in fees or fines for delayed delivery.

Phishing in the form of business email compromise (BEC) attacks also often racks up significant financial loss. According to the InfoSec Institute, BEC scams in the United States cost victims $1.8 billion in 2021. And, in addition to direct financial damage, phishing and malware attacks can result in the loss of sensitive corporate information, including everything from customer email addresses to birthdates and national insurance numbers for employees.

Final Thoughts: Cyber Attacks are a Business Risk

Today’s logistics and transportation supply chain is only growing bigger and more complex. No business connected to the industry wants to be at the center of a major data breach with national or global implications. Ultimately, logistics and transportation companies need to view cyberattacks as a critical business risk, with significant financial and business implications. As such, web and email security need to be a key component of a business risk plan.
