Ransomware and Supply Chain Attacks


We know that trust and transparency between partners is crucial to withstanding current supply chain challenges, but establishing who can and cannot be trusted may be equally important. IT Supply Chain spoke to JUMPSEC’s Sean Moran about current ransomware trends in the Transport & Logistics Sector. The results are a reminder that our highly interconnected supply chains are inherently vulnerable to cyber attacks.

Ransomware attacks are difficult enough to deal with, but a ransomware attack that impacts an entire supply chain can be devastating. These attacks can have severe consequences, disrupting operations and causing delays, interruptions and downtime in production, distribution and delivery processes.

This can lead to significant financial losses and decreased productivity – never mind the reputational damage. Attacks can also result in lost business opportunities, contractual penalties and customer dissatisfaction, further impacting the financial stability of the supply chain.

A supply chain – now more than ever – must work on transparency and trust – but an attack can completely undermine that trust in seconds. If it spreads to interconnected partners, amplifying impact, it can lead to ruined relationships and a loss of confidence in the security and reliability of the supply chain.

JUMPSEC’s research revealed an overall spike in ransomware attacks on the transport sector last year, a sector crucial to the supply chain.

Why are we seeing increased ransomware attacks against transport and logistics organisations?  

There are several reasons why the transport sector might be experiencing higher-than-average levels of ransomware activity. Transport and logistics organisations have a distinctive profile from an attacker’s perspective that make them a more lucrative prospect, particularly in the current threat landscape.

Firstly, the potential to cause serious business interruption for transport sector organisations is immense. Airports, shipping ports, rail operators and logistics companies are all prime ransomware targets, unlike other sectors, such as construction, that ransomware attackers initially found easy to breach but more difficult to extort due to an inability to cause meaningful disruption.

The sector also offers an extensive attack surface. Transport and logistics organisations are highly dependent on supply chain integration and play a key role within the end-to-end value chain. They also use specific technical equipment, like satellite communication and IoT technologies, that increases the potential attack vectors leveraged by cyber criminals. Instances observed by JUMPSEC where interconnected shipping organisations were breached concurrently illustrate the scope of supply chain risks to transport and logistics organisations.

Thirdly, cyber criminals are known to strike at organisations already in a state of disruption to add to the chaos and maximise the potential for extortion. To name a few recent instances – the energy crisis, the post-Brexit lorry drivers’ debacle, and the chaos experienced by thousands of passengers at airports last year, and UK ferry terminals this year. Overall shipping and delivery times have also fallen as capacity decreased by an estimated 10-15% globally in 2022.

What type of organisations should be concerned by this rise in ransomware attacks?

It is worth stating that ransomware attacks are increasing across many industries, not only transport or logistics. However, JUMPSEC observed that the scale and ambition of attackers targeting the sector has seen a significant shift from 2021-22. Whereas in 2021 a considerable proportion of reported attacks were directed at smaller-sized national motor freight businesses, we witnessed an increased number of attacks in areas like aerospace, airport authorities, airlines, high-end manufacturers, and larger international logistics organisations last year.

Is legislation the answer?

Of course, legislation itself is not a defence against attacks, and even the most suitable laws will only serve to limit the impact of cyber attacks in the long run.

There is significant debate about which laws could be introduced to better combat ransomware, for example, with some advocating that making ransomware payments should be illegal. Others argue that more measures should be taken to promote proactive transparency from victimised organisations – arguably a more positive move to combat such a complex long-term issue.

Given that cybercriminals survive on the continued payment of ransoms, precipitated in part by the reputation damage attacks can have, greater transparency and acceptance that a cyber attack can happen to any organisation could also take significant bargaining power away from attackers.

Trading app Coinbase, for example, recently exemplified a move towards greater transparency post-attack by sharing the details and stating they “want our employees, customers, and the community to hear the details of this attack and to share the Tactics, Techniques, and Procedures (TTPs) used by this adversary so everyone can better protect themselves.”

In the context of a supply chain attack, Coinbase’s demonstration of transparency would be vital for potential secondary victims to take appropriate steps to protect their business. Unfortunately, this is not yet the norm, as many organisations are fearful of reputation damage or regulatory repercussions.

The National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) have teamed up to provide clarity for organisations who want to proactively deal with incidents.

What actions can be taken to avoid a ransomware attack on your supply chain?

Including cybersecurity requirements in your supplier and partner contracts should be standard practice. Specify minimum security standards, data protection protocols, incident reporting procedures, and liability provisions in case of a cyber security incident.

Vendor assessments are now also a no-brainer. Conduct thorough assessments of vendors’ cybersecurity practices before engaging in business relationships. Evaluate their security controls, incident response capabilities, data protection measures and adherence to industry standards and best practices.

Of course, simply requiring suppliers to complete self-serve due diligence or demanding certain accreditations is not always enough to tackle the scale of the security challenges that smaller, less cyber-mature or under-resourced organisations face. Collective security initiatives that enable smaller organisations to leverage the resources and capabilities of their larger partners will go some way to improving and increasing supply chain resilience.

While we are not seeing any spikes in ransomware-related attacks so far this year, attacks against most sectors are rising to a degree as total attack rates are generally rising.

JUMPSEC will release a Q2 2023 mid-year update which will include a detailed sector-by-sector breakdown. For more details of JUMPSEC’s ransomware reports, click here, where you can also sign up for JUMPSEC quarterly ransomware updates.