In March 2024, the Seattle-based freight company Radiant Logistics suffered a ransomware attack that resulted in a severe disruption of its services in Canada. Security researchers who analyzed the incident believe that the attack may have been carried out by APT28 or Fancy Bear, two cybercrime groups known to wage cyber warfare on behalf of the Kremlin. The motive may have been the military support provided by the United States and Canada to Ukraine since Russia invaded the Donbas region in February 2022.
Cyber attacks on logistics and supply chain networks have been multiplying in recent years, and there is strong evidence that in many cases the perpetrators are acting as part of cyber warfare strategies. When it comes to cyber defense, the logistics sector is now considered part of critical infrastructure, which means that it is a valuable target for adversaries. Companies operating in this sector should therefore be implementing the following information security measures:
Two-Factor Authentication (2FA) to Prevent Phishing
Implementing a strict 2FA policy can prevent up to 99% of phishing attacks, which leading logistics industry associations declare to be the root of many cyber security risks and threats. Even the most secure data networks can succumb to a single phishing attack, so 2FA is in the best interest of companies in this sector.
In essence, 2FA adds an extra layer of security by requiring two distinct forms of verification before granting access. This typically involves a combination of something you know, such as username/password credentials, with something you have, such as a physical token or mobile device. More advanced 2FA methods include biometrics, typically fingerprint scanning. When accessing online accounts, users might be required to input a password and then verify their identity through a code sent to their smartphone, a code generated by a hardware token, or fingerprint recognition.
Phishing attacks rely on tricking victims into revealing sensitive information. Even if a “phisher” manages to acquire a user’s password through deceit, they would still need to bypass 2FA, thus making it extremely difficult to compromise an account.
Securing Vehicle Telematics
In 2023, the Russian APT28 group claimed responsibility for a cyber attack that exploited an Outlook mail server vulnerability to breach the cloud servers of logistics, defense, and aerospace firms contracted by the German government. The attack was a response to the transfer of weapons from Germany to Ukraine, and it was preceded by hackers probing vehicle telematics to penetrate data networks.
Telematics sensors that connect to the Internet of Things (IoT) provide valuable data for fleet management and optimization; however, they can also serve as entry points for hackers. When these sensors are not adequately secured, they can provide hackers with a foothold into a company’s network, thus allowing them to access sensitive data, disrupt operations, or even control the vehicle remotely.
Secure Data Backup and Recovery Systems
In the Radiant Logistics incident, operations were disrupted for several days, but the company prevented the ransomware attacks from spreading to American networks. Canadian operations resumed after a full recovery from secure backup locations, and ransom payments were not made.
Ransomware attacks are a common threat faced by logistics companies these days. With an adequate data backup and recovery system in place, damages caused by ransomware incidents can be substantially mitigated. Security, redundancy, and efficient recovery are the factors to keep in mind when implementing this measure.
Published by: Martin De Juan