In recent years, the logistics sector has become an increasingly tempting target for cybercriminals for a whole host of reasons. The first is that logistics is one of the most profitable industries worldwide and is an important part of the economy, making it a logical focus for criminals seeking to make a big disruptive impact. Second, although logistics is focused on the physical movement of goods, it also has a big digital footprint. The logistics component of today’s supply chain has come to rely on a significant volume of data processing and information sharing. For example, industry forms that were traditionally paper-based—such as invoices, export compliance certificates, and bills of lading—are now digital. Consequently, fleet operators are now sharing more data digitally with partners and vendors than ever before, which opens them up to more cyber risks. Finally, the cargo supply chain consists of many disparate parties that have varying levels of cybersecurity systems in place. This presents cybercriminals with an opportunity to identify and exploit the weak links in the network.
Given the rapidly evolving nature and the deep sophistication of cyberattacks today, it is vital that transport and logistics firms and their customers stay up to date on the cyberthreat landscape. Doing so will help them better understand and defend against a wide range of existing and emerging cyber risks. Due to the interconnected nature of the supply chain, it is also crucial that they work with key suppliers and partners to ensure that best practices in cybersecurity are implemented throughout the network.
Threats to watch
Some of the major cyber risks that have affected the transportation and logistics sector include: ransomware, phishing, and sensor and industrial technology intercepts.
Ransomware: Ransomware is a malware that prevents users from accessing their system until a ransom is paid. According to Cybersecurity Ventures, a cybersecurity research and publishing company, ransomware is one of the fastest growing types of cybercrime and is expected to attack a business, consumer, or device every two seconds by 2031. The transportation and logistics sector has proven to be an especially attractive target for these attacks. In May 2021, the Colonial Pipeline attack disrupted jet fuel and gasoline supplies to large areas of the southeastern region of the U.S. Whilst the direct financial impact was the payment of a $4.4 million ransom, the indirect financial and socio-economic impacts to the associated supply chain were far greater. Further evidence of the significant financial and disruptive impact of a ransomware breach was shown in this year’s attack on the logistics service provider Expeditors. The crippling attack cost the company $40 million in charges on lost shipping opportunities and a further $20 million in investigation, recovery, and remediation expenses.
Phishing: Logistics and shipping companies are increasingly being targeted by phishing attacks. Phishing involves cybercriminals contacting target organizations by email (phishing), telephone (vishing), or text message (SMSishing), and posing as a legitimate person or organization. The aim of the attack is to lure the recipient into giving up sensitive data and passwords to illicitly access data for financial gain. A very pertinent example was during the pandemic when cybercriminals used phishing techniques to target the COVID-19 cold supply chain. The attack gained access to the low-temperature storage manufacturer Haier Biomedical’s network before using its own email system to distribute further phishing emails to partners involved in transporting the vaccine.
Other examples of phishing attacks specific to the sector are “bill of lading ransom” and “freight forwarding fraud.” In the case of a bill of lading ransom, cybercriminals pose as freight forwarders to negotiate with an unwitting client. Once goods are packed onto a ship or truck from the port of loading, the criminals then deny the release of the bill of lading until a ransom is paid. If the bill of lading is not released, it can cause severe supply chain delays and disruption. It can also cost companies thousands of dollars in losses, especially if goods in transport are no longer of good quality due to disruptions.
Freight forwarding fraud involves cybercriminals impersonating a legitimate freight forwarding company by essentially copying its website. The aim is to steal freight forwarding fees or make off with any cargo that falls into their possession. Such methods can also be referred to as “brandjacking” and are often used to directly tarnish a corporate brand’s reputation.
Sensor data and industrial technology intercepts: Transportation and logistics companies are increasingly relying on sensors and internet of things (IoT) devices to track and monitor cargo. However, many companies don’t treat their operational technology and IoT technology with the same level of care that they do their information technology, creating an opportunity for cybercriminals. For example, cyberthieves may seek to intercept communications between a logistics firm’s sensors and its IT systems, and then either sell the data to a competitor or use it to guide a physical attack on valuable supply chain shipments.
Protecting against such risks can be difficult due to the innate design of IoT devices. IoT devices are designed with ease of use in mind rather than security. For example, many of them leverage default user credentials (such as “admin”), which are easy to hack, creating cybersecurity vulnerabilities. Additionally, it is often easy to download product sheets for many IoT sensors that specify exactly how the sensor is designed and what security they do and do not have.
Furthermore, companies should be aware that malware attacks can spread from a company’s IT systems to its operational technology and IoT technologies. This was seen when the shipping giant Maersk was hit by a vicious malware called NotPetya in 2017. Although the malware attack initially infiltrated the company’s active directory systems, it spread to the operational technology and IoT technologies used at Maersk’s port facilities. As a result, Maersk’s entire logistics system was shut down.
Similarly, many operational technology (OT) systems, such as industrial controls, are often riddled with vulnerabilities. In a typical OT environment, reliability is the primary concern during the design process, and basic information security precautions are often overlooked. Furthermore, many OT systems are older legacy systems that were never designed to be operated remotely or connect to the internet. As a result, cybersecurity measures were not built into the system’s design.
Fighting against the threats
Cyberattacks can leave damaging effects on an organization. It is, therefore, essential for an organization to have protocols in place to mitigate these attacks. No matter how small or established the organization, if bad actors see an opportunity to infiltrate, they will. To mitigate the exposure to major cyber risks, supply chain executives should first make sure that their organizations are taking the following steps internally: educate employees about potential threats and how to protect themselves, update devices and software regularly, and create an effective remediation plan.
Educate employees. It’s helpful to teach employees to look out for specific threats, such as phishing emails or vishing calls, and flag them to the appropriate person. Employees are usually the first target when bad actors are trying to infiltrate a company’s network. Therefore, it is vital that organizations empower and equip their employees with the knowledge to serve as the first line of defense against potential cyberattacks.1
Update devices and software regularly. Most technology providers are constantly testing their products for any weaknesses and release patches or updates when they discover them. It’s essential then that companies update their devices and existing software applications on a regular basis. This ensures that devices and applications are not only better protected from attacks but also are operating efficiently. Operating from an outdated device and/or software application creates vulnerabilities and loopholes for bad actors to slip through and potentially compromise an entire network system. In addition to updating devices on a regular schedule, companies should also regulate what software and applications employees can download onto work devices. Restricting unauthorized software applications can help mitigate exposure to potential attacks.
Create a remediation process. Even the best-prepared organizations with the most robust training programs can experience a cybersecurity breach. For this reason, organizations need to draw up a plan, or remediation process, for how they should respond if a breach occurs or if they detect a weakness or flaw in their information system architecture. Additionally, organizations should periodically reflect on where and how they need to improve their cybersecurity measures.
Addressing third-party supplier risks
In addition to the internal tactics described above, companies should also involve their external suppliers and partners in their cybersecurity programs. Given that so much of the cargo supply chain is outsourced, advancing third-party and supplier cybersecurity programs is paramount to protecting your own cybersecurity. Organizations need to ensure that the security measures that are important to them are also in place at their suppliers’ and providers’ organizations, otherwise they risk having their own security undermined by lax practices at their partners. To create strong, secure practices, companies need to work proactively with their suppliers before a breach occurs and build an open relationship with them to ensure communications are received in the right way.
In order to address third-party supplier risks, companies should:
Becoming cyber resilient
The past two years have proven the vital role that the transport and logistics industry plays in the overall economy. At the same time, the past two years has also shown the scale of the cyberthreat facing the industry. These two factors mean that taking steps to defend IT systems against cyberattacks is crucially important.
Cybercriminals are becoming craftier as they create more sophisticated ways to infiltrate networks and steal data for financial gain. Therefore, organizations cannot simply focus on the technological aspects of cybersecurity by assessing potential vulnerabilities in IT systems, they must also take steps to address them through best practice security and access controls. The impacts on business processes, products, employees, and customers alike must be understood to preserve the value chain, keep the global supply chain moving, and enable a position of cyber resilience.
1. For practical tips on communicating well with employees on cyberthreats and best practices see “How to educate employees about cybersecurity,” Analytics Insight, (June 2, 2021): https://www.analyticsinsight.net/how-to-educate-employees-about-cybersecurity
Mark Brown is the Global Managing Director for Digital Trust Consulting at BSI.