Ransomware's perfect target: Why one industry needs to improve cybersecurity, before it's too late

Dependencies on just-in-time supply chains and sometimes out-of-date technology makes shipping and logistics an ever-more tempting target for cyber criminals.

Why is ransomware such a big threat and how do you defend your network against it?

Ransomware attacks against the shipping and logistics industry have tripled in the past year, as cyber criminals target the global supply chain in an effort to make money from ransom payments.

Analysis by cybersecurity company BlueVoyant found that ransomware attacks are increasingly targeting shipping and logistics firms at a time when the global COVID-19 pandemic means that their services are required more than ever before.

Ransomware attacks have become a major cybersecurity problem for every industry, but a successful attack against a logistics company could potentially mean chaos – and an extremely lucrative payday for attackers.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)  

The nature of the industry and the potential impact of how disruption can affect all of the supply chain might mean that an affected organisation pays the ransom demand, perceiving it to be the quickest, most effective way of restoring the network – despite law enforcement and cybersecurity experts warning victims that they shouldn't encourage cyber criminals by paying ransoms.

"Shipping and logistics companies are large businesses that are highly sensitive to disruption, making them perfect targets for ransomware gangs," Thomas Lind, co-head of strategic intelligence at BlueVoyant, told ZDNet.

2017's NotPetya cyberattack demonstrated the amount of disruption that can occur in these scenarios, when shipping firm Maersk had vast swathes of its network of tens of thousands of devices across 130 counties encrypted and knocked offline in an incident that cost hundreds of millions in losses.

But despite this high profile cyber event demonstrating the need for good cybersecurity strategy, according to BlueVoyant's report, shipping and logistics companies need to "dramatically" improve IT hygiene and email security to make networks more resilient against ransomware and other cyberattacks.

That includes fixing vulnerabilities in remote desktops or ports, something that 90% of the organisations studied in the research were found to have. Vulnerabilities in RDP systems like unpatched software or using default or common login credentials can provider cyber attackers with relatively simple access to networks.

"When unsecured, ransomware attackers are able to gain access to a system and then move laterally in order to most effectively compromise and lockdown a target network," said Lind.

"Companies are not adequately securing themselves – and we haven't seen any industry with worse protections in place than supply chain and logistics."

In some cases, it isn't ransomware groups that are breaching logistics and shipping companies, but merely opportunistic cyber criminals who know they'll be able to sell the credentials on for others to use to commit attacks.

SEE: Hackers are actively targeting flaws in these VPN devices. Here's what you need to do

Shipping and logistic companies have vast networks – but there are cybersecurity procedures that can improve their defences against cyberattacks. These include securing port and network configuration so that default or easy-to-guess credentials aren't used and to, where possible, secure the accounts with two-factor authentication.

"Ransomware gangs don't hide what they're doing: they hit remote desktop protocol (RDP) and other remote desktop ports. Especially in a time when many companies set up remote desktops for remote workers, this is a critical issue," said Lind.

Organisations should also update and patch software in a timely manner so cyber criminals can't take advantage of known vulnerabilities to gain access to networks.

MORE ON CYBERSECURITY