Cybercrooks prey on supply chain woes by selling logistics credentials

By Robert Scammell

Cybercriminals are selling credentials for shipping and logistics companies on hacking forums as they look to take advantage of under-pressure global supply chains.

Researchers at cybercrime intelligence company Intel 471 said on Tuesday they had tracked adverts for logins and passwords for companies operating air, ground and maritime cargo transport on “several continents”.

The US-based firm said it had been tracking these so-called “access brokers” since July 2021.

One broker claimed to have access to the network of a Japanese container transportation and shipping company.

Another was peddling access to a US transportation management and trucking software supplier.

A third seller claimed in September to have access to a UK-based logistics company.

Many of the brokers have ties to ransomware groups, Intel 471 said. Security experts warned that these groups could use the stolen credentials to launch system-locking ransomware attacks against logistics companies at a time when they are already under immense pressure.

The Covid-19 pandemic has caused backlogs in multiple sectors at a time when demand for goods is rising.

“With things as volatile as they are, a cybersecurity crisis at one of these logistics and shipping companies could have a calamitous impact on the global consumer economy,” Intel 471 said.

In 2017 the world was given an idea of how disastrous such an attack could be when Dutch shipping and maritime giant Maersk was caught up in the NotPetya ransomware attack. Maersk was forced to close down several ports and spend $300m to restore its systems afterwards.

Those selling credentials ranged from “newcomers to the most prolific network access brokers” tracked by Intel 471, and the companies targeted are responsible for moving “billions of dollars of goods around the world”.

Most credentials were obtained via security flaws in Remote Desktop Protocol (RDP), virtual private networks (VPN), Citrix and SonicWall, along with brute-force attacks and credential theft.

Jake Moore, cybersecurity specialist at ESET, told Verdict that under-pressure companies and sectors make “attractive” targets for cybercrooks.

“Their attention may be diverted away from their security weaknesses and therefore become more vulnerable to attack,” he explained.

Cybercriminals are known to tailor their attacks based on news events, as was seen in a surge in Covid-related scams and attacks.

“Malicious actors are very aware of such tactics, which can be the difference between a successful and unsuccessful cyberattack,” Moore added.

More recently, the Port of Houston – one of the largest ports on the US Gulf Coast – was targeted by suspected nation-state-backed hackers, but the attack was ultimately stopped before it caused significant disruption.

“It’s extremely beneficial that security teams in the shipping industry monitor and track adversaries, their tools and malicious behaviour to stop attacks from these criminals,” Intel 471 added. “Proactively addressing vulnerabilities in times of high alert avoids further stress on already constrained business operations.”