Beware - Ransomware


Cyfirma detects cyber threats attacking the logistics industry

According to CTI investigations, ransomware attacks were one of the most critical cyber threats trending across the transport & logistics industry in December 2022.

The Ransomware-as-a-Service (RaaS) business is growing, and attacks have become more frequent and malicious, using techniques such as insider threats, double extortion, and triple extortion by blackmailing subsidiaries, partners, etc. These attacks can have indirect repercussions on process control networks and manufacturing operations by targeting properties such as fleet management, logistics, sales operations, and fulfillment.

In a recent attack, United Kingdom-based transportation services provider Menzies Aviation was compromised by the LockBit ransomware group.

CYFIRMA Insight:

  • The transportation and logistics industry is a tempting target for ransomware groups because successful ransomware attacks disrupt the supply chains of hundreds or thousands of other businesses, increasing the pressure to pay the ransom quickly to restore service. Furthermore, the business's highly interconnected nature presents multiple points of malware infiltration, resulting in the rapid spread of ransomware along the chain of systems.
    Another reason attackers target this industry is a lack of investment in cybersecurity infrastructure because transportation and logistics have low margins and are competitive businesses.
  • 21 different ransomware groups targeted around 76 Transport & Logistics organizations across the globe in 2022. The LockBit ransomware group added the most victims to its list from the industry in 2022.

 The following trends have been observed:

  • The attack methods leveraged by ransomware groups have been shifting from social engineering (predominantly phishing) to exploitation of vulnerabilities.
  • New trend: the ALPHV ransomware gang cloned victim’s websites to leak stolen data. Ransomware operations have always looked for new options to extort their victims. Alongside publishing the name of the breached company, stealing data and threatening to publish it unless the ransom is paid, and the threat of DDoS, this tactic could represent the start of a new trend that other ransomware gangs may adopt, especially since the costs to do it are far from significant.
  • In December, the CYFIRMA research team observed threat actors treating Microsoft Exchange as a prime target for gaining initial access to corporate networks in order to steal data and deploy ransomware.

If you are looking for the best protection against the growing number of cyber-attacks, get on the safe side with Cyfirma and enjoy maximum-security IT protection. With the power of Cyfirma’s effective tools like DeCypher or Detect, your company will be able to get the information that can save your assets.

