Watch Now

6 lessons learned about cybersecurity and freight in 2021

Ransomware attacks deliver more pain, important takeaways

DAT was targeted in an alleged security breach. (Illustration: Sasun Bughdaryan/Shutterstock)

It was once again another rough year for cybersecurity and freight. The main reason: ransomware attacks, in which criminals encrypt data and demand payment, sometimes in the millions of dollars, in exchange for unlocking it. Even though the U.S. government has been taking an increasingly aggressive approach to fighting ransomware, the attacks have continued. They hit companies across the supply chain, including trucking, logistics, freight factoring, freight forwarding — and even fuel bunkering. Here’s what we learned along the way

1 Big carriers are still in the crosshairs: The cyberattack on Wisconsin-based Marten Transport in October showed yet again that major carriers continue to be vulnerable. Marten never officially described the incident as a ransomware attack. But the company’s description of it in an SEC filing and the appearance of stolen data on a ransomware gang’s leak site suggest one may have occurred. Sources told FreightWaves that the attack brought down the company’s operations system — something Marten disputes. Regardless of what befell Marten, the incident marked the single largest publicly known cyberattack on a major carrier in 2021.

A graphic illustration of two trucks being unloaded and screen displaying "files encrypted' to illustrate an ransomware attack on a trucking company.
Ransomware attacks can cripple operations at trucking and logistics companies by encrypting the data of vital systems. Increasingly, hackers are stealing data, too. (Emily Ricks/FreightWaves)

2 Ransomware remains the No. 1 threat, regardless of how small you are: Ransomware attacks remain the single biggest cyber threat to transportation and logistics companies. While high-profile incidents like the attacks on Colonial Pipeline and JBS Foods grabbed headlines and the attention of the U.S. government, hackers go after companies of all sizes. In February, the manager of a small carrier with 25 trucks shared his harrowing experience of an attack. The hackers also accessed the carrier’s transportation management system, sending screenshots of it — showing the potential for sabotaging trucking operations. “It was very alarming,” the manager said. “They could have cost that side of the business altogether. It’s scary to think about that.” That level of access isn’t unusual in successful ransomware attacks.

Watch now: Why hackers see cold storage as ‘prime target’

3 Technology is a double-edged sword: The digital renaissance that has swept across transportation and logistics companies has been a good thing for the supply chain. Improvements in connectivity and visibility allow freight to move efficiently and reliability. But companies can end up introducing vulnerabilities if they aren’t careful. “There’s still so much happening in transportation, around digital transformation and introduction of different types of digital communications between companies,” GlobalTranz Chief Operating Officer Russ Felker told FreightWaves. “Every digital transformation a company puts in place is a potential security incident.” 

A lock displayed on a virtual circuit board to represent cybersecurity along the hood of a truck;
The threat environment for transportation and logistics companies demands a serious approach to cybersecurity. (Photo: Jim Allen/FreightWaves)

4 A ransomware attack doesn’t have to be catastrophic: When ransomware attacks are successful, they can bring down a company’s entire IT infrastructure. That downtime can be extremely costly for trucking and logistics providers, so much so that some firms find it cheaper to pay the criminals. According to cybersecurity experts, these kinds of catastrophic attacks aren’t an inevitability. “Many attacks can be prevented or at least minimized by implementing security best practices,” Jérôme Segura, director of threat intelligence at Malwarebytes, told FreightWaves in May. “But the day-to-day reality is that many organizations are not prepared and are not doing enough,” Segura said. Hackers frequently exploit known vulnerabilities in unpatched systems or take advantage of malware delivered through a phishing email. But given the vast and complicated nature of networks, companies also need to go beyond trying to close off all the doors and training personnel to identify phishing. They need multilayered defenses, which can ensure that an entire network isn’t brought down.

A illustration of a man in a burglar outfit running across 1s and 0s to illustrate data theft during a ransomware attack.
Hackers frequently steal data before activating a ransomware attack. (Illustration: TarikVision/Shutterstock)

5 Get hacked? Call a lawyer: Cybercriminals also commonly access and steal data from their victims to gain additional leverage in ransomware attacks. As a result, companies face a minefield of state data disclosure laws and the risk of costly litigation. That’s why companies or their insurers waste little time to call lawyers who specialize in cyber incident responses. In July, South Carolina lawyer Carrie Palmer explained how she helped guide a trucking company through the aftermath of an attack. One of the dilemmas facing the carrier: whether to pay the ransom. “The decision was made to not engage in a … ‘we-don’t-negotiate-with-terrorists’ kind of thing,” Palmer said.   

An illustration of a bulgar wearing a striped shirt using a vacuum to pull data from a computer, illustrating an article about cyberthieves who steal data.
The operators of the Marketo leak site claim to have stolen data from heavy truck manufacturer Navistar. (Illustration: solar22/Shutterstock)

6 Cybercriminals with values? After truck maker Navistar fell victim to a cyberattack, stolen data from the company appeared on a dark web marketplace called Marketo. In an interview with FreightWaves, the operators of the site sought to distinguish themselves from the cybercriminals who engage in ransomware attacks. “We do not encrypt any data,” Marketo said. “We do not block the work of networks and do not seek to cause damage and shut down the company.” Such attacks, the group said, are “against our moral principles.” Marketo’s claims are suspect since the group has posted data stolen during ransomware attacks. But even if Marketo is telling the truth, mere data theft can be incredibly costly. Navistar is itself facing a lawsuit in connection with the data breach that Marketo took credit for.

Read more

Click for more FreightWaves articles by Nate Tabak

Nate Tabak

Nate Tabak is a Toronto-based journalist and producer who covers cybersecurity and cross-border trucking and logistics for FreightWaves. He spent seven years reporting stories in the Balkans and Eastern Europe as a reporter, producer and editor based in Kosovo. He previously worked at newspapers in the San Francisco Bay Area, including the San Jose Mercury News. He graduated from UC Berkeley, where he studied the history of American policing. Contact Nate at [email protected].