23 December 2021
Major DDoS Attacks on Logistics Companies
Logistics plays an important role in the development of any society. A lot depends on the correct operation of logistics companies. It is enough to recall the history of world wars, where the success of one side or the other depended on properly organized supplies. Military logisticians laid the foundation on which modern business logistics rests. In the 21st century, logistics management faces qualitatively new threats. These are massive DDoS attacks using ransomware, which can significantly affect the physical logistics supply chain across all modes of transport.
Transportation and logistics is a sensitive area of the economy that, for a variety of reasons, attracts increased attention from cybercriminals. The consequences of a DDoS attack can impact far beyond the enterprise itself, disrupting the workflow of thousands of other companies. Hackers take advantage of the situation and increase the pressure to get a quick ransom. In addition, logistics businesses have multiple points of malware penetration, and low-profit margins make it difficult to invest in cybersecurity infrastructure. All of this has triggered massive DDoS attacks on industry leaders.
- In May 2017, German railway operator Deutsche Bahn announced a massive DDoS attack. The service outage caused computer disruption in nearly 100 countries. Because of the WannaCry virus, hundreds of users of Germany's rail network saw ransom messages on the information monitors of ticket terminals. German Interior Minister Thomas de Maiziere said train traffic was not disrupted and government computer systems were not affected. Nevertheless, travelers were active online, posting photos of red windows with messages demanding cash payments to regain access.
- In the summer of 2017, Danish transport and logistics giant Maersk reported a powerful DDoS attack. Company representatives said that despite certain difficulties, Maersk Line container ships and crews were not threatened. The introduction of the NotPetya virus caused massive downtime of transport ships and reduced shipments by 20%. This resulted in a loss of $300 million. The company was forced to restore its functions in manual mode. Information systems at many sites and several commercial divisions were down for 10 days while 4,000 servers, 45,000 PCs, and 2,500 applications were restored.
- Attackers caused a lot of trouble for the U.S. express delivery company FedEx in 2017. NotPetya ransomware hit its subsidiary TNT Express. FedEx estimated its operating losses due to the DDoS attack at $300 million, contributing to a $75 million increase in the cost of integrating TNT's systems. There were several claims from FedEx's office that the database was not affected during the hack. However, Ed Stroz, former head of the FBI's Computer Crime Unit, opined that the attack was not done for the money. The hackers wanted to tarnish the company's public image.
- In May 2020, there were particular tensions in the Persian Gulf. Iran reported that its seaports near Bandar Abbas had suffered a cyber attack. As a result, the port of Shahid Raji was closed for several days, and Israel was blamed for a series of DDoS attacks that disrupted port operations. Notably, the port of Shahid Raji had a TOS port control system installed in 2007, which could be attacked in various ways. It could have been a two-pronged attack: a direct attack on the system through the Internet and an attack on one of the system's interfaces, for example, a DDoS attack on the Iranian software developer Kaveh.
- In the fall of 2020, the French transportation company CMA CGM reported a cyberattack on its edge servers. At the time, the largest sea container carrier quickly responded to the threat and restricted access to its applications, which stopped the spread of malicious traffic. A year later, CMA CGM suffered another DDoS attack. This time a leak of user data was detected while monitoring its APIs. The container shipping giant shut down its websites and spent several days cleaning up the consequences of the attack. According to some sources, the Ragnar Locker ransomware was to blame.
Recently, maritime transport has become increasingly dependent on operational technology (OT), where outdated infrastructure is becoming a serious problem. Automation in all parts of the logistics supply chain, plus the increase in the number of smart devices, including vehicles, expands the boundaries for DDoS attacks. The problem is that logistics companies pay too little attention to this issue. According to research, leading logistics centers are regularly subjected to targeted attacks using proxy networks and receive unwanted traffic from known botnets. Nevertheless, the level of cybersecurity remains rather low.