BlueVoyant report reveals US supply chain is under siege as ransomware attacks on shipping and logistics firms triple
Apr 27, 2021
BlueVoyant, the cyber security services company, has announced the findings from its newest report: Supply Chain Disruptions and Cyber Security in Logistics.
As Global health is dependent upon the immediate, safe and effective distribution of the COVID-19 vaccine, logistics firms are literally carrying the world through the current crisis. Underscoring its vulnerability to attack, US Policymakers have put a spotlight on cyber security in the supply chain with recent Executive Orders enacted to secure maritime shipping and logistics.
Ransomware the Number One Cyber Threat to the Supply Chain
It is undisputed that the largest cyber security threat facing supply chain and logistics companies today is neither nation-state attacks nor data breach information for sale on the dark web; it is ransomware. This report shows that from 2019 to 2020, ransomware attacks on shipping and logistics firms tripled—with almost all attacks resulting from phishing or exploitation of open remote desktop ports—making the sector especially vulnerable during the critical global vaccine rollout.
Using open-source data and proprietary research, BlueVoyant assessed 20 of the top global shipping and logistics companies to understand their vulnerability to ransomware and other disruptive attacks. The results indicate the growing threats facing the sector – specifically the disproportionate impact of rising ransomware attacks – capable of bringing businesses that operate technology-driven and highly automated ‘just-in-time’ delivery schedules to a standstill.
Key Report Findings:
- Ransomware is the #1 cyber threat to logistics companies today, suggesting a situation of imminent and extreme risk.
- Malicious actors are keenly interested in logistics companies. 100% of the companies assessed saw some evidence of threat targeting against their network.
- Despite the risks of ransomware attacks, 90% of the organizations studied were found to have open remote desktop or administration ports and insufficient email security, the primary vulnerabilities to ransomware gangs.
- Other evidence of threatening activity was also observed, including:
- Evidence of brute force attacks
- Targeted attacks using proxy networks
- Traffic to blocklisted/denylisted assets
- Traffic coming from known botnets
- Many processes and technologies in the sector are out of date, leaving firms needlessly exposed to vulnerabilities, remedied by easily hardened attack channels.
Unprotected Networks Vulnerable to Phishing/Spoofing Attacks
BlueVoyant’s assessment indicates the immediate need for shipping and logistics companies to dramatically improve IT hygiene and email security. This is clearly underscored by the fact that 90% of the companies studied had open remote desktop or administration ports at IP addresses on their network, and most appeared to have email security vulnerabilities. The report also shows that domains belonging to 14 of the 20 companies studied have no protection against phishing and spoofing attacks, 16 of the 20 companies have devices running unsupported software on their networks and half of the companies appear to be running software with high-severity vulnerabilities on their servers.
COVID-19 Vaccine Delivery Focuses Attackers on Supply Chain
High-profile cargo like the COVID-19 vaccine – and the data that goes with it—make shipping and logistics companies high-value targets to cybercriminal and national state actors aiming to disrupt government efforts and steal sought-after vaccine data. This places additional burden on a sector that, in the past, has already faced significant disruption from cyberattacks. Consider the 2017 global NotPetya ransomware attack that froze Danish shipping firm Maersk’s worldwide logistics operations, costing the firm a whopping $250-300m.
Commenting on the research, Thomas Lind, Head of Strategic Intelligence, BlueVoyant said: “IT management issues, such as those observed in our assessment, played a key role in NotPetya’s infection of Maersk’s systems; an especially damaging case which served as a violent wake-up call for the logistics industry. Alarmingly, more than four years later, the sector remains vulnerable to malicious cyber activity, and specifically vulnerable to ransomware attacks.”
Securing America’s Supply Chain
In February of this year, the Biden administration signed an Executive Order on America’s Supply Chains to secure and bolster the American supply chain and mitigate its vulnerability to attack, highlighting its critical role in the delivery of the COVID-19 vaccine. There are also a number of actions logistics and supply chain companies should immediately implement to mitigate against future attacks and improve their operational preparedness.
These include securing email services and mail servers against phishing and spoofing, securing port and network configurations, updating and patching software, being aware of OFAC regulations and utilizing advanced security services to protect against the multi-faceted and evolving threat landscape.
Jim Rosenthal, co-founder and CEO, BlueVoyant, concludes: “Widespread vulnerabilities persist at a time of increased scrutiny and critical reliance on supply chains; as countries around the world wait for efficient and safe vaccine distribution programs, and as entire work-from-home economies rely heavily on global shipping. The Biden Executive Order demonstrates increased national focus on and critical support for this sector. Given the sensitivity of distribution networks to disruption, the global reliance on supply chain businesses, and the lingering warning of the NotPetya attack, it is a critical and immediate imperative for this sector to become more resilient against ongoing cyber threats.”
