Something was very wrong at Forward Air on December 15, 2020. The company’s website was completely down. No one answered the customer service lines. Customers were waiting — and waiting — and waiting — for scheduled arrivals. And with all systems down, those customers had no way to get any information or track their packages. The incident, and the company’s response to it, shows the importance of cybersecurity.
Forward Air, a ground and air carrier company headquartered in Greeneville, Tennessee, was relatively open about communicating the event, first with an official statement referring to a “security incident.” When Forward Air updated the statement with three key words, “called law enforcement,” the trucking and logistics industry quickly jumped to the accurate conclusion that Forward Air was the victim of an attack, likely ransomware.
Hades Ransomware Attack Cost $7.5 Million
Over the past few weeks, the full picture of what happened has started to emerge through interviews and the documents Forward Air has filed with the Securities and Exchange Commission. That picture highlights the importance of cybersecurity.
In brief, the Hades malware gang, which was formed about a week before this attack with the goal of targeting enterprises, attacked Forward Air with ransomware.
Initially, Forward Air’s Chairman and CEO Thomas Schmitt reported that the company would be down for two weeks. Surprisingly, Forward Air was back up and running at full speed within two days — a feat Schmitt attributes to the company’s expert team and preparedness. But even with a relatively best-case response, the publicly-traded company reported the ransomware attack cost them $7.5 million in Q4 2020.
The company didn’t release details of the actual sequence of events, which is best practice after such an attack. So, I decided to find out how Forward Air’s reaction to the attack helped or hindered their recovery. What role did security awareness training play in their response? What can other shipping and logistics companies learn from the attack? And, how can the industry protect itself to prevent similar (or worse) attacks in the future?
Why Shipping and Logistics Companies Are Lucrative Targets
My first question was: Why target a shipping and logistics company? I understood why health care organizations are vulnerable — private patient information is valuable and protected by law. Trust between providers and patients is at the core of that work, meaning health care organizations are likely to pay to get patient data back. But at first glance, although I know the importance of cybersecurity in all industries, the seemingly targeted attacks puzzled me. Other companies in the industry have also recently been attacked.
Shipping companies exchange money in much larger amounts than companies of similar size in other industries, making them higher-value targets. Or, as Mark Murrell, co-owner of online truck driver training provider CarriersEdge, told Specialty Freight Services in a November 2020 article, it is a high-dollar business.
“That means companies have relatively large amounts of cash or credit available, and they’re used to paying pretty big bills,” says Murrell. “If you successfully execute a ransomware attack, you can extract a higher payment than you’d get targeting small and midsize companies in other, lower-dollar industries.”
On top of that, shipping and logistics companies hold the key to getting our world back to some sort of normal with the COVID-19 vaccine. And in the cybersecurity world, the higher the value, the more a company (or government) may be willing to pay to get their data back. With attacks already starting at key parts of the vaccine chain — such as an email phishing scheme targeting the cold chain — shipping and logistics companies are likely to be a lucrative (and popular) target in the months to come.
While digital safety is not an easy (or…