"Cybercriminals Target Transport and Logistics Industry"

A team of researchers with Intel 471 shared their new observations of cybercriminals hitting organizations in the supply chain sector with cyberattacks and claiming to have accessed networks for companies that operate maritime, air, and ground cargo transport. The threat of potential cyberattacks adds to the widespread challenges being faced by the global supply chain, including the COVID-19 pandemic, the shortage of workers available to transport cargo, and more. The researchers warn that a cybersecurity crisis at one of these logistics and shipping companies could significantly impact the global consumer economy, considering how volatile things are right now. Over the past few months, the team detected several network access brokers selling credentials on underground forums, claiming that they belonged to logistics companies. They claimed to have obtained the credentials by exploiting vulnerabilities contained by remote access solutions, including Remote Desktop Protocol (RDP), Citrix, and SonicWall. For example, in August, the researchers saw a threat actor claiming that they had access to the corporate networks of a US-based transportation management and software supplier, and a US-based commodity transportations services company. According to the researchers, the threat actor, known to work with groups that launch the Conti ransomware, gave a Conti affiliate group access to a botnet with a Virtual Network Computing (VNC) function. The botnet was used to download and execute a Cobalt Strike beacon on infected machines. The Intel 471 threat researchers call on logistics companies' security teams to continuously monitor and track adversaries, their tools, and behavior to prevent attacks. However, many companies in this sector lack strong security protections, as suggested by an April report revealing that 90 percent of organizations studied had open remote desktop ports and inadequate email security. This article continues to discuss findings surrounding the targeting of the transport and logistics industry by cybercriminals. 

Decipher reports "Cybercriminals Target Transport and Logistics Industry"