Experts warn of the availability in the cybercrime underground of offers for initial access to networks of players in global supply chains.
Researchers from threat intelligence firm Intel 471 published an analysis of current cybercrime underground trends online, warning that initial access brokers are offering credentials or other forms of access to shipping and logistics organizations.
These organizations provide essential services to the global supply chain in multiple industries, they operate air, ground and maritime cargo transport on several continents.
Experts believe threat actors selling initial access to the organizations have obtained these credentials by expliting well-known vulnerabilities in remote access solutions, including Remote Desktop Protocol (RDP), VPN, Citrix, and SonicWall.
Intel 471 experts monitored the activities on the Dark Web over the past few months and observed a prevalence in the listing of offers for initial access to organizations operating in the global supply chain are.
The experts provided multiple examples of the offers they have found:
- Within the span of two weeks in July 2021, a new threat actor and one well-known access broker claimed to have access to a network of a Japanese container transportation and shipping company.
- In August 2021, an affiliate of the Conti ransomware gang claimed access to corporate networks belonging to a U.S.-based transportation management and trucking software supplier and a U.S.-based commodity transportation services company.
- In September 2021, an actor linked to the FiveHands ransomware group claimed access to hundreds of companies, including a U.K.-based logistics company.
- In October 2021, a threat actor claimed access to the network of a U.S.-based freight forwarding company.
“the logistics industry is constantly targeted, and the ramifications of a cyberattack can have a crippling ripple effect on the global economy. At a time when this sector is struggling to keep things operating, a successful attack could bring this industry to a screeching halt, resulting in unforeseen dire consequences for every part of the consumer economy.” concludes the report. “It’s extremely beneficial that security teams in the shipping industry monitor and track adversaries, their tools and malicious behavior to stop attacks from these criminals.”
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, initial access broker)
The post Cybercrime underground flooded with offers for initial access to shipping and logistics orgs appeared first on Security Affairs.
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.