Cybercriminals have extended their targets to range from supply chains to critical infrastructure. While some threat actors try to penetrate and compromise vital network systems, other cybercriminal groups trade initial access credentials on the dark web. The latest analysis from Intel 471 revealed that the present trends of underground darknet markets have been changing exponentially. It found that network access brokers (NABs), also known as initial access brokers (IABs), trade login credentials of international shipping and logistics companies on the dark web.
Shipping and Logistics Firms Targeted
The increasing risk of cyberthreats has become a severe crisis for logistics and shipping organizations worldwide, as they operate across air, ground, and maritime routes and are responsible for moving critical goods. Hacker intrusions on these companies could have a massive impact on the global consumer economy, as they transport billions of dollars' worth of consumer goods.
In July 2021, Intel 471 identified a new threat actor and credentials broker who claimed to have access to a network owned by a Japanese container transportation and shipping company. The attackers dumped the credentials belonging to over 50 companies on the dark web for sale. In August 2021, the researchers found Conti ransomware operators claiming access to corporate networks belonging to a U.S.-based transportation management and trucking software supplier and a U.S.-based commodity transportation services company.
Intel 471 stated that the threat actors had obtained credentials by exploiting vulnerabilities in remote access solutions such as Remote Desktop Protocol (RDP), VPNs, SonicWall, and Citrix. “Over the past few months, Intel 471 has observed network access brokers selling credentials or other forms of access to shipping and logistics companies on the cybercrime underground. The actors responsible for selling these credentials range from newcomers to the most prolific network access brokers,” Intel 471 said.
Stealing login credentials and trading them on the dark web has become a common attack vector for various cybercriminal groups and affiliates. Several threat actors misuse these credentials to exploit critical network systems, encrypt them, and demand ransom. The threat to critical infrastructure affects the consumer economy of a country. It is also one of the reasons why ransomware-impacted organizations are compelled to pay ransom to restore their services at the earliest.
From fuel services and health care services to food processing supply chains, threat actors exploit every sector to their advantage. The Colonial Pipeline, JBS, and Kaseya attacks exemplify how ransomware is getting bigger by the day.