Container cargo ships sit ashore from the Long Beach/Los Angeles Port Complex on Wednesday, October 6, 2021 in Long Beach, CA.
Jeff Gritchen | MediaNews Group | Getty Images
Armed with little more than computers, hackers are rapidly setting its sights On some of the greatest things humans can make.
Giant container ships and chunky cargo planes – essential in today’s global economy – can now be stopped by a new generation of code warriors.
“The reality is that an airplane or a ship, like any digital system, can be hacked,” David Emm, a lead security researcher at cyber firm Kaspersky, told CNBC.
In fact, it was proved by US government during “pen-test” exercise on one Boeing aircraft in 2019
hacking logistics
However, hacking companies operating in ports and airports is easier than accessing a real plane or ship.
In December, German firm Hellmann Worldwide Logistics said its operations had been affected by a phishing attack. Phishing attacks involve sending spoofed messages designed to trick people into handing over sensitive information or downloading harmful software.
The company, which provides airfreight, sea freight, road and rail, and contract logistics services, was forced to hold off on taking new bookings for several days. It is not clear exactly how much revenue this resulted in.
Hellman’s chief information officer Sami Awad-Hartmann told CNBC that the firm immediately tried to “stop the spread” when it realized it had been the victim of a cyberattack.
“You need to stop it to make sure it’s not going into your [computing] infrastructure,” he said.
Hellmann’s, a global company, disconnected its data centers around the world and shut down some of its systems to limit the spread.
“When we saw that we had some systems infected, one of the hard decisions we made was disconnecting from the Internet,” Awad-Hartman said. “As soon as you take this step, you stop. You’re not working anymore.”
Everything had to be done manually and business continuity plans began, Awadh-Hartman said, with some parts of the business handling it better than others.
Awhad-Hartmann said the hackers had two main targets. The first is to encrypt Hellman and the second is to exfiltrate the data.
“Then they blackmail you,” he said. “Then the ransom begins.”
Awad-Hartmann said Hellman was not encrypted because it was fast-forwarded and shut off from the Internet.
“As you’re encrypted, of course your restart process takes longer because you may need to decrypt,” he explained. “You might need to pay a ransom to get the master key and stuff like that.”
Hellman is working with legal authorities to determine who is behind the cyberattack. There is some speculation but no definite answer, Awadh-Hartmann said.
notpetya attack
Notorious Notepetya attack in June 2017which influenced several companies, including the Danish container shipping firm myerksIt also highlighted the vulnerability of global supply chains.
maersk first announced That it was killed by Notepetya – a ransomware attack that prevented people from accessing their data until they paid $300 in bitcoins – in late June of that year.
“In the last week of [second] In the quarter, we were hit by a cyber attack that primarily affected Maersk Line, APM Terminals and DAMCO.” Statement in August 2020.
“Trade volume was negatively impacted for a couple of weeks in July and as a result, our Q3 results will be impacted,” he said. “We expect the consequences of the cyberattack to be negatively impacted by $200 – $300 million.”
The ransomware attack took advantage of some security vulnerabilities in the Windows software platform, which Microsoft updated after the leaks.
“This cyber attack was a previously undiscovered type of malware, and the updates and patches applied to both the Windows system and the antivirus were not effective protection in this case,” Maersk said.
“In response to this new type of malware, AP Möller Maersk has taken separate and further protective measures and is continuing to review its systems to protect against attacks.”
In a follow-up article, Gavin Ashton, an IT security specialist at Maersk at the time, wrote that it is “inevitable” that you will be attacked.
“It is inevitable that one day, one will get through,” Ashton continued. “And obviously, you should have a solid contingency plan in the worst-case scenario. But that doesn’t mean you don’t try to do a very good fight to prevent these attacks in the first case. Just because you know There are bad actors coming, that doesn’t mean you leave your front door open and when they walk in, give them a cup of tea. You can just close the door.”
Meanwhile, in February 2020, Japan Post-owned freight forwarder, Toll Group was Forced to Shut Down Some IT Systems After being the victim of a cyber attack. Toll Group did not immediately respond to CNBC’s request for comment.
hide drug shipments
Sometimes hackers aren’t necessarily looking for a ransom.
criminals in 2013 Hacked Systems at Antwerp’s Port To manipulate the movement of containers so that they can hide and move their drug shipments.
Once the hackers were inside the correct system, they changed the location and delivery times of the containers that contained the drugs.
The smugglers then sent their drivers to pick up shipping containers laden with drugs before legitimate carriers could collect them.
The hackers used spear phishing and malware attacks – directed at Port Authority employees and shipping companies – to gain access to the system.
The police uncovered the whole plan after the shipping firms learned something was wrong.
Awadh-Hartman said hackers have realized how important global supply chains are, and now they know what happens when they are disrupted.
“It affects the economy of the whole world,” he said. “You see that goods are not flowing. You have gaps in supermarkets. Certainly I think hackers see a dependency on this supply chain. And then of course a logistics company is a target for them.”
He said that logistics is the focus at the moment because The global supply chain is in the news.
“But I think it’s a general threat,” he said.
“And it won’t go away. It will increase. You need to be constantly checked. Are you still ready? It’s something that keeps us pretty busy and costs us a lot of money.”