Cyberattacks are increasing not only in frequency but also in impact. Putting up a solid defense against ransomware attacks requires a layered approach to security with a zero-trust model at the core of the strategy. Ransomware has become an international menace, costing businesses and organizations billions of dollars in extortion payments, and more in operational downtime.
Analysis by NCC Group’s Research Intelligence reported a 288% increase in ransomware attacks from the first quarter to the second quarter of 2021, and the shift to remote work contributed heavily to this rapid increase. Intel 471, a US security company, published an analysis of the current online black market, describing instances of initial access brokers offering access to international shipping and logistics companies operating on land, at sea, and in the air. Since the onset of the COVID-19 pandemic, the global supply chain has been facing severe disturbances.
The problem is not limited to the global chip shortage and closures. As we slowly get things back to normal, the demand for everything from clothing to electronics continues to increase. This may be why organizations that provide cargo transportation and delivery services have attracted cybercriminals, including malicious actors that carry out ransomware attacks.
Cybercriminals are selling credentials of supply chain companies on online forums on the dark web as they attempt to take advantage of global supply chains that are already under pressure. Researchers at Intel 471 revealed that they had tracked advertisements for usernames and passwords for companies operating air, ground, and maritime cargo transport on “several continents”. Intel 471 revealed it had been tracking well-known access brokers since July 2021.
We reached out to leaders in the technology and IT sectors for insight into the state of cybersecurity in the supply chain industry. We also wanted to find out if the recent string of ransomware attacks on companies in the supply chain industry is causing concern for other industries.
Do Other People/Companies See Similar Attacks or Potential Attacks?
According to Ashu Singhal of Orion Networks, there have been instances of these types of attacks appearing in other sectors and within company walls. Singhal stated, “We have started seeing another version wherein our customers (also the customers of shipping companies) are being targeted via social engineering and posing as the shipping company with specific details.”
Cybercriminals are trading in the credentials needed to compromise business computers, and over the span of a few months they have been advertising and selling credentials for a variety of shipping and logistics companies. While the advertised credentials may not foreshadow an attack, the fact that this type of information is being advertised online does not work in the companies’ favor.
“It seems that the cybercriminal community is looking for ways to target organizations that can cause the most havoc and be desperate to resolve the issue and therefore pay a ransom. The more severe the breakdown is, the higher their chances are for payment,” said Guy Baroan of Baroan Technologies.
“Most organizations are just not as prepared as they believe they are, no testing is being done and, therefore, when they get hit, it is only at that time that they realize how unprepared they were. Paying the ransom in these cases is the path of least resistance, although not the right decision,” added Baroan.
If Criminals Are Selling Credentials to Shippers’ Networks, Why Not Pull Off the Attacks Themselves?
Recently, incidents have progressed from the compromise or sale of credentials on the dark web to ransomware attacks. Not every login credential sale results in a ransomware attack, but it’s never a good sign if your company’s name is listed on a cybercrime dark web advertisement.
When asked why cybercriminals are selling credentials to shippers’ networks instead of carrying out the attacks themselves, Baroan said, “If you can sell the information to many for a fee, then you can make more and have less liability of being caught. Gathering information about what is vulnerable saves the hackers time to find targets. The cyber-criminal organizations are not ones that do all the work, find the vulnerability, exploit that vulnerability, steal the data, delete the backups and encrypt the data for ransom.”
“They all work together in different areas of specializations. Offering this information for sale is easier for some and allows for higher profit as they can resell the same information to multiple buyers. This also allows them to not be as involved in the crime. Less risk,” added Baroan.
“It’s a much less risky way to make money in an otherwise risky business. The chance of being caught selling credentials is a lot less. Also, it speaks to the maturity of the industry where specialization has increased considerably, thereby segmenting the focus areas of stealing and selling credentials versus using them for attacks,” added Singhal.
How Devastating Would a Major Attack on a Large Shipping Company Be at This Time, Given Other Supply Chain Problems?
“A major attack on a large shipping company right now would be very hard on the market. It will exponentially affect the companies that need to sell the goods, the end-users of the goods and would be a chain reaction that may cause major shortages across the world for goods that are sorely needed,” said Baroan.
“Think of a shipping company on a Monday morning not being able to know what container to send, where to send it to and when, since they have a ransomware attack and cannot access their systems. This would be quite devastating even if one shipping company is impacted as it would send ripple effects/delays across the rest of them as they are using the same ports, shipping lines, etc.,” said Singhal.
“Every organization needs to do everything they can to identify their critical data, ensure that they have the proper protections in place, and are able to detect any events happening on their network that are not normal so they can act quickly. Unfortunately, this is not being handled properly and many organizations are still not viewing the cyber threat as a high priority requirement for their company’s future. This means that we should expect to see more attacks coming as the rate of success is still too high for the criminals,” added Baroan.
These types of attacks and widespread vulnerabilities are not always addressed, even in a time of surging scrutiny and a growing reliance on supply chains. Being proactive can have a major impact on battling against ransomware attacks. Seeing your company’s credentials on a dark web forum should be a major red flag that something needs to be done in your company’s network.
The supply chain industry is often the target of attacks. The consequences of cyberattacks will have a domino effect on the global economy. Security teams and cyber teams are constantly monitoring and tracking opponents, the latest tools and solutions, and malicious behavior to prevent these types of attacks.
As cyber teams do their best to fight back each time there is a ransomware attack or other cybercrime, attackers have only become more sophisticated and tricky. Are you keeping up with the latest cybersecurity threats, vulnerabilities, data breach information, and growing trends? What are your thoughts on the current state of the global supply chain?