In June of 2017, malware known as NotPetya infected A.P. Moller – Maersk, a shipping company with headquarters in Copenhagen, Denmark. The ransomware attack spread across the globe and created significant port delays in New York, New Jersey, Los Angeles, Rotterdam and around Mumbai. The infected terminals couldn’t move cargo for two days. As a result, those infected lost $200 to $300 million and their operations weren’t returned to normal until two weeks later.[i]
As cybersecurity threats become increasingly common, more industries—including transportation and logistics—are being targeted. While a cyberattack may not result in data loss, the disruption to business can lead to significant financial loss as shipments and logistical operations are delayed. Other cyberattacks, like phishing scams, can negatively affect an organization’s payment operations.
A client recently contacted BKD regarding a cyberfraud issue and discovered they were part of an elaborate phishing scheme. The client had called one of their own clients to discuss a past-due invoice, and that client responded that they had made the payment two weeks earlier, following the instructions in the email they received from the vendor about the new bank account and wiring information.
This phishing scheme was intended to divert payment to a hacker’s account. The malicious actor accessed the organization’s cloud email system and redirected any emails containing keywords to their personal account. After collecting client names and email addresses, they responded through an email account that posed as the legitimate organization’s email. This phishing email included information about the new bank account and wiring instructions.
During this same period, another client encountered an issue when making a payment based on a phishing email they received. The email looked legitimate and appeared to be from the vendor. This client’s funds went into the cybercriminal’s account, and the client still had to pay the same amount to the actual vendor.
This is one of the more common cybercriminal activities against organizations that rely on wire transfer payments—and doesn’t even require a hack into the company’s network, only the use of a fake email account. For example, if the actual business email is Michael@MyCompany.com and the cybercriminal uses Michael@MyCompeny.com, clients might not notice the address is misspelled by one letter unless they’re really paying attention.
It’s important that companies that rely on wire payments take preventative measures to improve their cybersecurity and minimize the risk of financial losses.
Here are a few recommendations:
- Invoices & Payments – Contact the actual vendor by phone after you’ve received an email regarding changes to payments. Verify the email is from them and the new instructions are valid. Then verify the account number to receive payment.
- Security Awareness – Hold annual security awareness training sessions. Cybercriminals are continually creating new tactics and exploits against organizations of all sizes. Setting reminders throughout the year can help your team members stay alert to these threats.
- Security Assessments – Have your existing cybersecurity policies and procedures reviewed annually. Network penetration testing can identify vulnerabilities in your infrastructure and potential malware.
- Cyber Insurance – Transfer risk in the event of a hack, ransomware or phishing attack with cyber insurance. Understand what’s covered and what can disqualify a claim and check that your policy covers phishing and fraud attacks.
- Incident Response – Test your organization’s ability to respond to an attack through a third party. No one likes to think their organization will be a victim of a cybercrime, but being prepared for what to do if it does happen can save your organization time, money and potentially reputational damage.
BKD Cyber is dedicated to helping organizations assess their cybersecurity risks, improve their cybersecurity protections and respond to a breach. For more information, contact your BKD trusted advisor.
[i] The Los Angeles Times, “Cyberattack cost Maersk as much as $300 million and disrupted operations for 2 weeks”, https://www.latimes.com/business/la-fi-maersk-cyberattack-20170817-story.html
Wired, “The Untold Story of NotPetya, the Most Devastating Cyberattack in History”, https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
Cyren Security Blog, “Cyber pirates targeting logistics and transportation companies”, https://www.cyren.com/blog/articles/cyber-pirates-targeting-logistics-and-transportation-companies