Unfortunately, cyber criminals don’t care about that and if logistics companies are not prepared, they could easily fall victim to a cyber-attack. And an attack enabled by a staff member – either purposefully or accidentally is a major way that this could occur.
Criminals understand that logistics companies depend on a delay free environment so that they can get their goods picked up and delivered quickly and efficiently. Anything that interferes with this will have to be dealt with straight away as delays cost money and reputational damage – that means ransom demands against logistics companies are likely to be paid quickly and quietly to ensure goods transits remains unaffected. That makes them particularly vulnerable to attack.
There are plenty of examples of cyber-attacks affecting logistics and transportation companies in the past few months.
Hellman Worldwide Logistics suffered a suspected ransomware attack in December 2021, which led to clients being targeted with fraudulent communications.
Expeditors International - the world's sixth-largest freight forwarder reportedly shut down its computer systems after an attack limited its ability to manage customs and distribution activities. While they did not explicitly say it was a ransomware attack, the business did say it was restoring systems from backups, which is an indicator of that type of cyber-attack.
In February 2022 IT infrastructure at ports in Belgium and the Netherlands were reportedly subject of a cyber-attack while more recently, in late October, a major breakdown of Denmark’s train network during the weekend was the result of a hacker attack on an IT subcontractor’s software testing environment.
“Often it’s the smallest carriers that have the weakest defences, and they get breached,”
said Tim James Higham, CEO of InMotion Global, a company that provides IT systems to logistics companies. That was demonstrated when a small trucking company in the US, with less than 25 trucks was ransomwared in 2021 – a demand for $300K was made in return for a promise not to disclose sensitive shipping documents that had been stolen.
“Being a small company in a small town, you would have never thought a company like us would get targeted,”
the owner said.
When the company refused to pay the data was leaked onto the dark web and all of the supply chain and customers affected had to be notified of the data breach. Only time will tell whether the incident leads to a loss of business to this small company and whether job losses follow.
Simply put this is a malicious attack against a network where the criminals get access to data and either steal it, threaten to delete it, or encrypt it. The criminals will then demand a payment for the return of the data. Imagine how this could affect your business – sensitive financial data relating to your customers, suppliers or even your own company, commercially sensitive data relating to staff, the operating of your business or contacts with others - these could all be compromised or lost.
The reality is that ransomware is now viewed as a business model and many entities behind these attacks will present themselves as being on the same side as the victim. So, in return for the payment your business will often be supported through a process which will return the data that has been encrypted / stolen. It is worthy of note that paying the ransom does not guarantee the return of the data and certainly does not guarantee that it won’t be sold on or published at some point in the future. Also, your network will still be infected, and you are more likely to be targeted again in the future.
The paying of the ransom has moral and ethical undertones that may not be immediately apparent when you are faced with such an attack. Consider the fact that you may be financially supporting terrorists or criminals by paying the ransom.
Ransomware is always preceded by an attack on the network itself, commonly through use of stolen credentials, a phishing e-mail or brute force attack. These attacks are increasing in complexity and sophistication meaning that defence against these dark arts needs continual review. But the key points for protection to remember are:
The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of data and permanent loss of reputation. But all is not lost.
Here at the centre, we would recommend that you consider
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.
Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need. Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).
Click to Open Code Editor