Cybercriminals offer up access to supply chain networks

Hackers are targeting the global supply chain, even as the hangover from the coronavirus pandemic continues to slow the shipping of some products across the globe.

In recent months, cybercriminals have been attempting to sell network access credentials to several shipping and logistics companies on the cybercrime underground, according to cybersecurity vendor Intel 471.

“With [supply chain] things as volatile as they are, a cybersecurity crisis at one of these logistics and shipping companies could have a calamitous impact on the global consumer economy,” the company wrote in a recent blog post.

For example, in October, a newcomer to a well-known cybercrime forum claimed access to the network of a United States-based freight forwarding company, Intel 471 said. In addition, the poster claimed to have local administrator rights, giving him access to 20 computers on the company’s network.

Also in October, another newcomer on a different cybercrime forum claimed to have access to the IT systems of a Malaysian logistics company. Those credentials were part of a package the hacker was selling for $5,000.

In September, a hacker connected to the FiveHands ransomware group claimed to have access to hundreds of companies, including a United Kingdom-based logistics company. Intel 471’s blog post gives examples of other supply chain credential attacks in July, August, and September.

The sale of network access credentials is a standard cybercriminal scheme, cybersecurity experts said. There’s a division of labor in many cases, with the credential broker selling access to ransomware gangs or other criminals.

“A key cog in the cybercriminal underground is the interdependency between those who specialize in selling credentials and those looking to launch ransomware attacks,” said Greg Otto, a researcher at Intel 471. “The astronomical growth in ransom payments has helped access merchants put a premium on their services.”

Ransomware gangs have gone from earning five- and six-figure payouts in recent years to demanding seven- or eight-figure payouts more recently, Otto told the Washington Examiner. The higher demands are “partly due to the need to pay off actors that have helped them obtain access to the victim’s system,” he added.

The cybercrime chain is not a “one-criminal show,” added Eddy Bobritsky, CEO of Minerva Labs, a cybersecurity vendor. “It is a wide web of people, teams, and organizations throughout the world, and every one of them has his contribution to a successful attack,” he told the Washington Examiner. “Stealing credentials is only the first step. Those criminals get paid and do not care what happens with the data.”

Stolen data are valuable currency, added Chuck Everette, director of cybersecurity advocacy at cybersecurity vendor Deep Instinct. “Cyber gangs will buy this dark web-obtained data in order to facilitate attacks,” he told the Washington Examiner. “This saves them the time of having to harvest and collect the data themselves.”

Cyberattacks on the global supply chain could raise the price for products even further than a recent increase in inflation, Bobritsky noted. The pandemic has caused shipping delays, but it has also left organizations open to credential theft, he added.

“These attacks come in many shapes, and unfortunately, the shift of the headquarters of those companies to work from home during the pandemic only increased the risks,” he said.

He noted that it is “very easy for criminals to steal credentials” when employees are connecting to a company’s network from devices that aren’t managed by corporate security teams.

A major global supply chain attack could cause widespread upheaval and be a life-or-death situation if medical shipments are disrupted, Everette added.

“Today’s shipping suppliers rely on sophisticated computer systems and even AI algorithms to help predict and move ships around the world to where they’re needed, facilitate just-in-time delivery, while also bypassing developing weather patterns,” he said. “Add in the logistics of what’s currently packed onto each ship, each shipping container, destination, timetable, as well as geolocation, the loss of that data would be detrimental.”
