CSCMP's Supply Chain Quarterly
December 08, 2019
Forward Thinking

Cyber attacks targeted transportation sector in third quarter, report finds

Comment
Employees are "last line of defense" as hackers seek to disrupt rivals' supply chains, Mimecast says.

Companies in the transportation, storage, and delivery sector were among the top three targets hit hardest by cyber attacks during the third quarter of 2019, alongside the legal and banking fields, according to a report released today by an email and data security company.

Created by Lexington, Massachusetts-based cybersecurity and compliance provider Mimecast Ltd., the report provides analysis of the nature of attack campaigns launched between July and September, in order to help organizations better understand the impact these factors will have on the cybersecurity landscape in 2020.

The transportation industry is a popular target "where state-sponsored threat actors seek to disrupt the logistical and supply capability of rivals," according to the firm's quarterly "Threat Intelligence Report: Risk and Resilience Insights." Likewise, hackers often target the banking and legal industries, where companies are "rich with sensitive information that yield results."

The report focused on the four main categories of attack types discovered in the quarter: spam, impersonation, opportunistic, and targeted. Mimecast found that impersonation attacks are on this rise, accounting for 26% of total detections - and now includes voice phishing or "vishing," an advanced attack observed in this quarter, where threat actors use social engineering to gain access to personal and financial information via the victim's telephone system.

"Threat actors seek numerous ways into an organization—from using sophisticated tactics, like voice phishing and domain spoofing, to simple attacks like spam," Josh Douglas, vice president of threat intelligence at Mimecast, said in a release. "This quarter's research found that the majority of threats were simple, sheer volume attacks. Easy to execute, but not as easy to protect against as it shines a very bright light on the role human error could play in an organization's vulnerability."

To defend against those threats, organizations need to take a "pervasive" approach to email security, integrating security tools that allow for greater visibility at, in, and beyond the perimeter, he said.

"This approach also requires educating the last line of defense - employees. Coupling technology with a force of well-trained human eyes will help organizations strengthen their security postures to defend against both simple and sophisticated threats," Douglas said.

Of the 207 billion emails processed by Mimecast over this period, the company identified 25 significant malware software viruses with names like Azorult, Hawkeye, Nanocore, Netwired, Lokibot, Locky, and Remcos. The hacking campaigns ranged from simple phishing expeditions to multi-vector assaults alternating file types and attack vectors, types of malware, and vulnerabilities.

Join the Discussion

After you comment, click Post. If you're not already logged in, you will be asked to log in or register.


Want more articles like this? Sign up for a free subscription to Supply Chain Executive Insight, a monthly e-newsletter that provides insights and commentary on supply chain trends and developments. Click here to subscribe.

We Want to Hear From You! We invite you to share your thoughts and opinions about this article by sending an e-mail to ?Subject=Letter to the Editor: Quarter : Cyber attacks targeted transportation sector in third quarter, report finds"> . We will publish selected readers' comments in future issues of CSCMP's Supply Chain Quarterly. Correspondence may be edited for clarity or for length.

Want more articles like this? Subscribe to CSCMP's Supply Chain Quarterly.