Not only is it an opportune moment for cybercriminals to attack the supply chain sector, but access to logistics backend systems is being bought and sold more often than usual, according to US-based cyber firm Intel 471.
The group has revealed that in the past three months, the access credentials of approximately 50 freight and logistics companies – from Japan, the US, UK, Bangladesh and Malaysia – were posted online or were being traded freely by cybercriminals.
Intel 471 researcher Greg Otto told The Loadstar the recent confluence of supply chain crises had created a target-rich environment for ransomware attacks, similar to last year’s wave of cyber-strikes against hospital IT systems.
“That wasn’t a coincidence,” he said. “Cybercriminals knew that healthcare providers were over a barrel.”
Mr Otto said it was feasible that attackers could see internal business documents that show a company is having big issues.
“They would say, ‘if we hit them now, they’ll be over a barrel. They really cannot afford downtime, so they will be more likely to pay up, at a higher number’.”
It is not that cybercriminals are targeting shipping companies specifically, but they look at specific programmes that power IT stacks for companies worldwide, he explained, and “shipping companies are no different from financial or healthcare companies”.
He added: “When it comes to a ransomware attack, they know how to tailor ransom demands to a sweet spot, where they can get a lot of money, but it’s not so big a number that IT teams are just going to laugh it off, back it up, and move on.”
And Mr Otto warned: “I don’t want to cause undue fear. The credentials we found on the cybercriminal underground are the first sign that an attack is more likely than ever before. People launching ransomware attacks look for these credentials before they launch an attack.
“It’s a red flag for us to see screenshots of backend IT systems, administrative systems, dealing with the company’s financial systems, or its administrative IT systems. Or usernames and passwords of that company’s users who are tasked with running those systems.”
Mr Otto urged companies which had been hit to be more transparent, as the culture of silence surrounding cyberattacks is the primary mechanism by which they operate.
“It’s a really big problem. That’s why ransomware has been such a big problem to stop. Companies do not like to admit they’ve been held for ransom. They worry about SEC [US Securities and Exchange Commission] fines and running foul of regulators.”