Over the past couple of years, we have seen certain supply chains hit with ransomware attacks. Two that come to mind are JBS Meat and Colonial Pipeline. But now a different supply chain in the logistics sector is experiencing an uptick in ransomware attacks.
As recent as February 20, cybercriminals locked up Expeditors data in Seattle, forcing the shutdown of the majority of its IT network. Expeditors coordinates land, air, and sea shipments in over 300 locations around the world. As the world’s sixth largest freight forwarder, they coordinated 900 million metric tons of air cargo and 1.1 billion containers of ocean freight containers in 2020.
With their systems down, they are operating on a limited ability which means they can’t book new shipments, track existing cargo, or help cargo make its way through customs at ports throughout the world. Cybersecurity consultants working to restore Expeditors network report it could take weeks to undo the damage and get back to full operations.
Other Recent Ransomware Attacks
Expeditors was the second large freight forwarder to get attacked in recent months. In December 2021, Hellman Worldwide Logistics was hit with a ransomware attack that took down their operations for weeks. In 2020, they handled 900 million containers of ocean shipments and 550 million metric tons of air cargo shipments.
Here in the U.S., Marten Transport in October 2021 and the Port of Houston in August both fended off attempted ransomware attacks.
Why Target the Logistics Chain?
There are two reasons why large players in the logistic supply chain are ripe targets right now:
- Supply chain companies from the top down are under extreme pressure from clients and governments to restore operations back to a pre-pandemic level.
- Due to skyrocketed shipping prices, big logistics companies have generated large cash reserves. For example, Expeditors posted $1.7 billion on their 2021 balance sheet.
With a lot of money on hand and the pressure to keep things running as smoothly as possible and get caught up, cybercriminals have figured out that these companies are more apt to just pay the ransom so they can get back to pre-ransom operations as soon as possible.
Network Access for Sale
Cybercriminals not only make money by targeting companies with ransomware attacks, but they also sell network access to any hacker willing to pay the price to gain entry into a network. Intel 471, a cybercrime intelligence company, observed seven instances since July 2021 of brokers advertising network credentials or other type of network access for sale.
While the names of the companies were not disclosed, they were a Japanese container shipping provider, a U.S. transportation management firm, a U.S. freight forwarder, a U.S. commodities transportation firm, and logistics providers in the U.K, Malaysia and Bangladesh.
Hackers readily take advantage of known vulnerabilities in network systems. Companies could avoid attack by patching these known vulnerabilities in the exploited software. But like with many other things, the mentality is “Cyber-attacks only happen to other companies” thus creating a false sense of security.
Greg Otto, a researcher at Intel 471 stated, “If there’s a hole and they haven’t gone through patching yet, they’re just vulnerable no matter if they’re a billion-dollar company or a small million-dollar regional company.”
What Companies Can Do to Reduce Risk
On March 3, the CISA added 95 additional vulnerabilities to their already known list. In light of this, companies should immediately patch all known vulnerabilities in their network systems and make sure their software is up to date. After that, follow the CISA’s Shields Up Guidance for All Organizations. There is even a section in that guidance for Corporate Leaders and CEOs.
What Individuals Can Do to Reduce Risk
As individuals, each of us are responsible for our own cybersecurity. According to the CISA, each person should take the following four steps to stay cyber safe:
1. Implement multi-factor authentication on your accounts.
A password isn’t enough to keep you safe online. By implementing a second layer of identification, like a confirmation text message or email, a code from an authentication app, a fingerprint or Face ID, or best yet, a FIDO key, you’re giving your bank, email provider, or any other site you’re logging into the confidence that it really is you. Multi-factor authentication can make you 99% less likely to get hacked. So enable multi-factor authentication on your email, social media, online shopping, financial services accounts. And don’t forget your gaming and streaming entertainment services!
2. Update your software. In fact, turn on automatic updates.
Bad actors will exploit flaws in the system. Update the operating system on your mobile phones, tablets, and laptops. And update your applications – especially the web browsers – on all your devices too. Leverage automatic updates for all devices, applications, and operating systems.
3. Think before you click.
More than 90% of successful cyber-attacks start with a phishing email. A phishing scheme is when a link or webpage looks legitimate, but it’s a trick designed by bad actors to have you reveal your passwords, social security number, credit card numbers, or other sensitive information. Once they have that information, they can use it on legitimate sites. And they may try to get you to run malicious software, also known as malware. If it’s a link you don’t recognize, trust your instincts, and think before you click.
4. Use strong passwords
Ideally, use a password manager to generate and store unique passwords. Our world is increasingly digital and increasingly interconnected. So, while we must protect ourselves, it’s going to take all of us to really protect the systems we all rely on.
Cybersecurity Should not be an Afterthought
Now is not the time to be complacent about cybersecurity. The money it costs to get in compliance is far less than it would be if hit with a ransomware attack, which can disrupt operations for weeks or months … not to mention the cost of the ransom if paid.
From the top down to the lowest person, we all need to do our part to be cybersafe during these heightened times of cyber vulnerability.
