Cyber criminals are increasingly targeting container shipping and ports as ransomware gangs step-up attacks on vulnerable supply chains, according to the latest CyberCube Global Threat Briefing.

Worldwide supply chain disruption and shortages and weak cyber security make the maritime sector an attractive target for cyber criminals, according to William Altman, principal cybersecurity consultant at CyberCube, which provides insurers with cyber threat intelligence and analytics. Other critical supply chains that have single points of failure are also vulnerable, including food and agriculture, and information technology, he said at the launch of the report.

“We should expect more attacks on the maritime sector, in particular. Covid-19, labour shortages, wars, and a myriad of other factors are putting a lot of pressure on global supply chains. In the past two years we have witnessed how crisis events, such as key shipping lane blockages and ransomware port attacks, have contributed to intense global supply chain shortages,” said Altman.

“Cyber criminals are known to take advantage of organisations that are experiencing turmoil, such as hospitals during the pandemic. Ransomware actors in particular are increasingly targeting large cargo ships and their onboard operational systems, as well as compromising connected infrastructure at critical port facilities worldwide. This is something we have seen over the past year, but it has built up over the last few months,” he said.

A number of large ports have been hit by ransomware attacks in the past, while the world’s four largest container shipping companies have been attacked in recent years. In February, India’s Jawaharlal Nehru Port, the country’s busiest container terminal, was hit by a ransomware attack, while in March a cyberattack crippled the systems of US freight forwarding company Expeditors International.

“We have seen that the number of attacks has only gone up over the past year, and over the next six months, as supply chain shortages intensify, we expect hackers to take advantage,” said Altman.

The ongoing digitalisation of logistics and the use of autonomous systems creates more vulnerabilities and loopholes, explained Altman. “There is also often a disconnect between the information technology systems and operational technology systems at ports and onboard ships. These two types of systems should be segregated but they are not, and it poses a lot of danger for machinery that moves cargo and navigates ships. The stuff you don’t want attackers to touch,” he said.

Ransomware gangs are increasingly targeting companies with critical operations, according to Altman. For example, CyberCube warned against the increased threat to space infrastructure and technology, such as satellites, ground terminals and user stations, as governments develop anti-satellite weapons and other space military capabilities.

“These are single points of failure that are critical to the functioning of society that are increasingly being targeted… It’s only a matter of time before there is an attack on a single point of failure in space, such as the global positioning system,” he said.

Following the attack on the Colonial Pipeline in the US, which attracted the attention of law enforcement agencies, ransomware gangs have switched to lower profile critical smaller and mid-sized business. For example, cyber criminals are now targeting the agricultural, food supply and healthcare sectors, which can least afford downtime, yet often lack the cyber security resources to fight off determined attacks, he said.

Ransomware attacks are also growing more sophisticated, timing attacks for maximum damage, as well as using double or triple extortion, and distributed denial-of-service (DDoS) attack to prolong business interruption, he said.

Altman also warned that the LockBit ransomware gang is poised to become the most active ransomware gang in the world. Although it targets a wide range of industries, it prefers vulnerable companies in the legal profession, as well as large manufacturing and construction companies. In May, LockBit hit a manufacturing plant owned by iPhone manufacturer Foxconn, disrupting operations.

However, there are signs that actions taken by insurers in recent years may be stemming the tide of ransomware losses, according to Altman. Ransomware-as-a-service gangs typically target companies with poor cyber hygiene, while insurers increasingly score risks and use analytics tools to identify companies that are most susceptible to losses.

“It is clear that starting in late 2019, loss ratios for P&C industry, aggregate standalone, and packaged cyber risk begin to reflect the rise in ransomware-as-a-service. These criminal actors are largely responsible for the cyber loss experience by companies over the past three years. However, beginning in 2020, and accelerating through 2021, we saw rate increases to account for the outsized frequency and severity of ransomware,” said Altman.

“Today, alongside those rate increases and reductions in coverage, we do see positive signs that cyber insurers are adopting pro-active measures to reduce cyber risk,” he said.

Source: https://www.commercialriskonline.com/cyber-criminals-target-vulnerable-marine-supply-chains/