Over the past few months, Intel 471 has observed network access brokers selling credentials or other forms of access to shipping and logistics companies on the cybercrime underground, the cyberthreat company announced in a recent blog post.
These logistics companies operate air, ground and maritime cargo transport on several continents and are responsible for moving billions of dollars' worth of goods around the world.
“The actors responsible for selling these credentials range from newcomers to the most prolific network access brokers that Intel 471 tracks. These actors have obtained these credentials by leveraging well-known vulnerabilities in remote access solutions like Remote Desktop Protocol (RDP), VPN, Citrix, and SonicWall, among others,” the post reads.
Intel 471 describes several incidents. In one case, a well-known broker stated that it had gained access to the data of approximately 50 companies via remote access solutions.
In another case, a hacker claimed not only to have gained access to a Malaysian logistics company but also to be selling its credentials for $5,000.
Not just shipping companies, but ports are also under attack
The post also reminds readers of the NotPetya attack in 2019, when Maersk had to shut down several of its ports. It cost the company $300 million to replace systems damaged by the malware.
Intel 471 adds that it has noticed attackers going after ports this year; for example, the Port of Houston, one of the largest ports on the U.S. Gulf Coast, was attacked in August. The attempt was detected early and was therefore unsuccessful. Even so, these incidents show that the logistics industry is constantly targeted, and “the ramifications of a cyberattack can have a crippling ripple effect on the global economy”.
“At a time when this sector is struggling to keep things operating, a successful attack could bring this industry to a screeching halt, resulting in unforeseen dire consequences for every part of the consumer economy. It’s extremely beneficial that security teams in the shipping industry monitor and track adversaries, their tools and malicious behaviour to stop attacks from these criminals,” the company warns.
Intel 471 recommends that logistics companies proactively address vulnerabilities in times of high alert to avoid further stress on already constrained business operations.