Key sectors in the supply chain are being targeted by cybercriminals, a new report says.
Against a backdrop of extreme volatility in the supply chain of goods, cyber criminals on the dark web have been peddling sensitive information that can provide access to supply chain companies’ computers, according to a report from cyber intelligence firm Intel 471.
Underground cyber brokers have been selling credentials – used to access computers – belonging to companies that operate air, ground and maritime cargo transport on several continents and are "responsible for moving billions of dollars worth of goods around the world," Intel 471 said.
Cyber thieves have gotten hold of the credentials by leveraging vulnerabilities in remote access technologies such as Remote Desktop Protocol (RDP), virtual private networks (VPN), Citrix, and SonicWall, among others, Intel 471 said.
"We've witnessed ransomware attacks on the shipping industry throughout the year, which has undoubtedly put a constraint on companies that are already stretched thin due to the pandemic," Intel 471 researchers told FOX Business.
As of 2020, all four of the largest global maritime shipping companies had been hit by cyber attacks.
Some of the "advertisements" on the cybercrime underground observed by Intel 471 include:
- In October 2021, a newcomer to a well-known cybercrime forum advertised access to the network of a U.S.-based freight forwarding company, claiming access to local administrator rights and access to 20 computers on the company’s network.
- Also in October, a new cybercrime player on a different cybercrime forum claimed access to a Malaysian logistics company.
- In September 2021, an actor with ties to the FiveHands ransomware group said it had access to hundreds of companies, including a U.K.-based logistics company. "It’s most likely that access was obtained through a SonicWall vulnerability, given that FiveHands is known to use that access to launch its ransomware attacks," Intel 471 said.
- In August 2021, one actor known for working with groups that deploy Conti ransomware claimed access to corporate networks of a U.S.-based transportation management and trucking software supplier and a U.S.-based commodity transportation services company.
- In July 2021, individuals said they had gained access to a network owned by a Japanese container transportation and shipping company. The access being advertised included the company’s credentials "in a dump of approximately 50 companies," Intel 471 said.
These kinds of attacks are having a profound impact on the shipping and logistics industries, Bryan Hornung, CEO of Xact IT Solutions Inc., told FOX Business, pointing to another attack in July, where hackers locked up Transnet SOC, a South African company that oversees operations for the country's main seaports.
In another high-profile supply chain attack, Australian transport and logistics company Toll Group, which boasts 40,000 employees and operates a distribution network across over 50 countries, was the victim of a ransomware attack in May of last year, severely disrupting its operations and the supply chain in that country.
"What we are seeing right now on the dark web … the chatter … is a precursor to attacks occurring within the next 90 days. So it would not surprise me if we see an uptick in ransomware attacks against shipping and logistics companies leading into the holidays," Hornung said.