Features 23.04.2024

Logistics Uncovered: Understanding the Cyber Threat to Physical Supply Chains

After KNP declared bankruptcy following a ransomware attack last year, we investigate the top cyber risks facing the logistics sector.

An unsung hero of the British economy, the logistics sector is increasingly being targeted and infiltrated by cyber criminals. Phil Muncaster reports

Most of us don’t question where the food on our plate or the smartphone in our hands came from. But whatever the source, there’s a near-certainty that it passed through a series of transport and logistics providers to reach its destination. Even after a pandemic that spotlighted the importance of global supply chains in our daily lives, it remains a sector understood by too few. However, organised crime gangs and opportunistic threat actors are increasingly paying attention.

Reliable data on threat levels in logistics is rare, shockingly so, but as part of the broader transportation industry, one estimate reveals a 36% annual increase in successful attacks globally last year. In terms of cyber resilience, best practice rules found in Cyber Essentials (patching, MFA, and network monitoring, for example) are a good place to start, offering logistics companies a pathway to resilience and sustainable growth.

Where threats are lurking

The logistics sector is an unwieldy beast – encompassing everything from warehousing and order fulfilment to transporting goods by air, road, rail and sea. According to the most recent figures, the sector generated £163bn for the UK economy in 2021 and revenues of £1 trillion. They’re the kind of figures that make any criminal enterprise sit up and take notice. Transportation and logistics industry respondents to a survey from insurer AON ranked “cyber attack or data breach” as their top current risk and a top-two risk for the future.

Where are threats concentrated? Unsurprisingly, ransomware and the exfiltration of sensitive customer, employee, and partner information are responsible for a large portion of the problem. DDoS attacks may also be used for extortion, possibly in combination with ransomware. And then there’s business email compromise (BEC), an ever-present challenge.

That’s unsurprising in an industry with a low tolerance for service outages, handling large volumes of money and data, and where extensive supply chain networks are par for the course. The increasing use of IoT to monitor shipments and warehouses and distributed networks of data and devices ensures that many companies operating in the sector manage a large and potentially porous digital attack surface.

The data largely backs this up. According to Positive Technologies, malware was used in a third (35%) of successful logistics cyber attacks last year, with ransomware dominating (67%). Company websites were successfully attacked in half of all incidents – mainly due to DDoS – while nearly every fifth (18%) attack on the sector exploited a vulnerability. One of the most notable was a ransomware breach at Australia’s largest container terminal operator, DP World, which stemmed from exploitation of the Citrix Bleed bug.

A fifth of attacks relied on social engineering, mostly phishing emails. Around 10 per cent of attacks saw malicious actors disrupt system operations by compromising a trusted third party, such as the data compromise at Dublin airport’s operator due to the MOVEit breach.

Beware the malicious insider

This is not to say that logistics players face only the same threats as any other organisation. Those involved in moving shipments through the world’s ports are finding organised crime players taking a malicious interest in their business processes and the corruptibility of their employees. Europol warned that drug cartels bought off insiders in logistics firms who misappropriate container reference codes (dubbed ‘PIN code fraud’) to smuggle drugs through Europe’s ports with minimal checks.

It claimed at least 200 tonnes of cocaine have been trafficked through these ports using this MO in recent years. The policing agency said least privilege access to IT systems and improved logging are vital to mitigating the threat. Armaan Mahbod, director of security and business intelligence at DTEX, tells Assured Intelligence that insider risk is elevated across the board in the logistics industry.

“Logistics firms have consistent challenges with insiders – whether drug smuggling, import of stolen or fraudulent goods, human trafficking, theft of customer information and shipment routes, or payment for knowledge of specific shipments and turning a blind eye to them getting stolen,” he argues. “Logistics firms are a major target for criminal activity globally. Additionally, it is important to consider that these employees’ salaries are not on the higher side of the pay scale, which means they are more susceptible to bribery.”

He adds that logistics players must also understand and work to mitigate the unintentional risks of negligent employees, which can impact the supply chain.

“Using corporate assets for personal use – such as accessing personal webmail, inappropriate adult content and gaming – can lead to an external actor gaining access into the corporate infrastructure,” Mahbod explains. “There they can persist with privilege control and cause damage to the company as well as the company that logistics firm is supporting.”

SoSafe CSO, Andrew Rose, agrees that the challenges facing one logistics company can soon become the challenges of those it does business with, and vice versa.

“The logistics industry, with its complex supply chains, has unique issues. Every vendor in a long, interconnected global chain represents a potential vulnerability that can put the entire network at risk,” he tells Assured Intelligence. “Also, the logistics industry spans countries and jurisdictions, so requirements are not always the same across offices.”

Time for a plan

Attacks and breaches at logistics firms can have devastating impacts similar to those in other industries – major financial and reputational damage and service disruption. According to IBM, the average data breach cost in the sector is lower than the global average, at $4.18m, but shot up 16% annually in 2023. For some companies, it can present an existential challenge. Kettering-based logistics firm KNP declared bankruptcy following a ransomware attack in June 2023, making over 700 employees redundant.

So what can organisations do about it? Shockingly, according to AON, only 48% of the industry has a cyber risk response plan, which, of course, is a concern.

SoSafe’s Rose argues that enhancing vendor management should be a top priority.

“This means choosing third-party partners that implement high security standards, reducing the risk of partner vulnerability. On top of this, CISOs should work to include integrated security strategies to ensure data is protected despite its domain,” he argues.

Sevco Security CSO Brian Contos adds that visibility of assets is an essential first step in protecting them. “It’s cliche, but you can’t protect it if you don’t know you have it. And if you don’t know you have it, there is a good chance the IT asset is vulnerable because it’s unpatched, perhaps end-of-life, lacks security and management controls and is possibly not only a target for attacks but can act as a springboard to attack other assets,” he tells Assured Intelligence.

“Beyond general visibility into your IT assets, much of the security comes down to two simple words: presence and state. What’s the presence of the security controls on my IT assets? Are they running patch management, endpoint protection, segmentation, etc? What’s the state of the security controls on my IT assets?”

He adds that it’s also critical to ensure that any controls are up to date, communicating with their management systems, and working as intended. That’s plenty to include on the to-do list. But logistics providers that work proactively to enhance their security posture should soon see the benefits. That will be good news for them, their partners, and countless downstream supply chain customers.
