As if disruption to the global supply chain post-pandemic isn’t bad enough, cybercriminals are selling access, sometimes in the form of credentials, to shipping and logistics companies in underground markets.
That’s a worrisome, if not unexpected, development; a cybersecurity incident at a company that operates air, ground and maritime cargo transport on multiple continents and moves billions of dollars worth of goods could prove devastating to the global economy.
“At the moment, the global supply chain is extremely fragile. This makes the industry a top target from cybercriminals who will look to take advantage of today’s current situation,” said Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify. “The global chip shortage is resulting in major delays, with some stock unavailable or backlogged for more than six months, making it a prime attraction for cybercriminals to attempt to expose and monetize this via various scams. This includes redirecting shipments by changing logistic details or causing disruptions via ransomware.”
The actors, ranging from newcomers to prolific network access brokers, are selling credentials they obtained by leveraging known vulnerabilities in remote desktop protocol (RDP), VPN, Citrix and SonicWall and other remote access solutions, according to the Intel 471 researchers tracking them.
“No business or IT security team would willingly allow bad actors to exploit known vulnerabilities in remote access technologies, but this is exactly what is happening,” said Yaniv Bar-Dayan, CEO and co-founder of Vulcan Cyber, who believes much of the problem is a result of poor cybersecurity hygiene.
In one instance last August, an actor that has worked with groups deploying Conti ransomware said they had accessed “corporate networks belonging to a U.S.-based transportation management and trucking software supplier and a U.S.-based commodity transportation services company,” the researchers wrote in a blog post. “The actor gave the group access to an undisclosed botnet powered by malware that included a virtual network computing (VNC) function.” The group then used the botnet “to download and execute a Cobalt Strike beacon on infected machines, so group members in charge of breaching computer networks received access directly via a Cobalt Strike beacon session,” they said.
Supply Chain Risk Management
