Published 10 April 2020

Logistics Cybersecurity Far from ‘Ship Shape’

Below is an excerpt from the article “Logistics Sector Far from ‘Ship Shape’ on Cyber Security” as published in the Daily Cargo News (thedcn.com).

Ignoring the issues of outdated equipment and devices linked to the Internet of Things (IoT), Mimecast found that the greatest problem for cybersecurity in logistics was employee vulnerability. Attacks in 2019 were found to be less sophisticated, high-volume forms of attack, predominantly using the “dropper” malware Emotet to impersonate valid emails, accounting for 26% of total malicious detections. ZIP files accounted for 34% of compression-format attacks, where a human error of judgment meant a release of malware.

Opportunistic Attacks

Moving into the first quarter of 2020, 9% of opportunistic attacks (3.4 million in total) were found to be across the transportation, storage and delivery sector. These types of attacks utilize well-known malware and are relatively low effort for attackers to implement.

From analysis based on email traffic, Mimecast’s findings for the last quarter of 2019 and the first quarter of 2020 – together with the statement made by Eyefortransport – point to one major vulnerability in the logistics industry: a lack of cyber security training. It is often stated that the first line of defence against a cyberattack is the user. The inability of employees to accurately detect malicious emails has encouraged the sort of email-orientated attacks that cyber criminals are using more frequently against logistic companies worldwide.


More broadly, human error has contributed to some of the worst cyberattacks against logistics companies in the last couple of years. The Canadian robotics firm Level One Robotics exposed itself to an attack in 2018 by uploading over 157 gigabytes of sensitive data from over 100 manufacturers to a publicly accessible server (rsync). Although it did not contain employee passwords, the combination of documents such as requests for ID badges and VPN credentials on an online server that was not restricted by IP or user made the company extremely vulnerable to social engineering attacks.

More Than Human Error

Human error, however, is not the only threat to logistics companies. In general, irrespective of company size, most logistic companies are at risk because of their inter-regional or trans-national scope, whether physically or digitally. The distribution of a single container will likely involve information and goods transfer with at least ten different stakeholders, including the shipper, the consignee, a shipping line, origin and destination ports, a trucking company, and banks, as well as customs and border authorities if the item is shipped outside the country.

It is this interaction between large and small companies in the logistics cycle that contributes to the cyberattack process, and leaves companies only as secure as their weakest link. Complex logistic chains are created around manufacturers, and often logistics companies are embedded within production facilities controlling inventory and handling on-demand needs of a plant. For a potential hacker this means, instead of targeting a large company that may have tight cyber security protocols, they can gain access via a third-party service provider with less stringent security.

Logistics Still Using Clunky Systems

This aspect of interconnectivity, with very little system segmentation, compounds the problem of legacy hardware and software prevalent among many logistics companies. In recent years, the logistics industry has been in the process of automating systems, turning paper into digits and using advanced analytics to stay on top of the needs of their customers. In turn, this has put more systems online without the advantage of building a security framework from the ground up, therefore making those systems vulnerable to various attacks.

Company network systems may look orderly but, until you shine a light, you’ll never really know. (Copyright: Cyber Citadel).

Moreover, the mainstay of legacy equipment – clunky desktops and Windows 97 – used as a foundation for a company’s network, without properly developed security software, will be unable to keep track of and monitor more current technological devices such as smartphones, tablets, automated cars and even drones. Considering each device is a potential entry point for a cyberattack, unaccounted-for devices are easy backdoors for hackers to exploit. Like a garden shed at the bottom of the garden, a logistics company seen from afar can appear orderly and neat. Only when you step inside and turn on the light does the shed become a haven for disorder and disarray.

Physical Harm

Global in reach yet fragmented by varying levels of technological equipment, and sometimes unable to account for devices connected to a network, the potential risk to the logistics industry lies not only in a data breach or system hijacking, but also in physical harm. For transportation and logistics firms who deal with assets in motion, there’s always a risk of bodily injury and property damage. A network intrusion could lead to numerous problems, including traffic accidents, loads exceeding weight limits, and hazardous materials being transported to an incorrect destination.

Ultimately, cyber security in the logistics industry is key to survival, namely because cyberattacks can incur huge financial costs as well as debilitating reputational losses. In 2017, Centrify conducted an assessment of 113 publicly listed companies, all of which suffered data breaches. They found that the companies’ stock values declined 5% on average after disclosing a data breach, taking between 7 and 90 days to recover their stock prices; 27% of customers who suffered under a data breach left the company concerned.

Ransomware Attack

In February 2020, the Australian transportation and logistics company Toll Group suffered a ransomware attack that infected its “sprawling technology systems.” Although the overall cost has yet to be determined, Toll refused to pay the ransom. However, reporting for the Australian Financial Review, Technology Editor Paul Smith wrote, “The huge expected costs to Toll and the impact of the attacks on the broader supply chain, have led experts to warn that other Australian companies are sleepwalking towards the same calamity.” Given the astronomical costs to A. P. Moller-Maersk and FedEx TNT Express in 2017, the total financial cost to Toll could exceed $100 million.

Thankfully for Toll, their response to the attack has been quick and honest. The reputational loss Uber suffered after paying off a ransomware attack in 2016, without informing its customers of the attack for over a year, seriously contributed to the CEO’s resignation and the corporation’s flatline in growth.

Although seemingly difficult, effective cyber security starts with company policy, which is dictated by the leadership and decisions of company board directors. Whether implementing a full cyber security audit, employing outside professionals to test a system, installing new hardware and software throughout a network, or simply basic employee training, realising the importance of cyber security is a top-down process.

Logistics Looking Forward

Although the notion is starting to sound like a broken record, it is time that the logistics industry starts to invest in cyber security in the same way that companies in the banking and financial sectors do. The costs to logistics companies, their employees and their customers could be some of the worst yet to come.

– Jonathan Sharrock, Cyber Citadel



Full article published in The Daily Cargo News (thedcn.com) – April 2020 (paid content): “Logistics sector far from ‘ship shape’ on cybersecurity”