By Hans Allnutt & Amanda Fosu

Published 22 July 2022

Overview

The rise in the use of online shopping and the importance of quick and reliable shipping during the pandemic saw an increase in the global reliance on delivery companies. With this increase came a significant uptick in cyber-incidents relating to this industry, whether low-level spam emails purporting to relate to missed deliveries, or ransomware attacks directly on delivery companies.

One recent incident, which impacted the delivery of parcels in the UK, was the June 2022 cyber attack on one of the UK’s biggest shipping companies, Yodel. The suspected ransomware attack caused delays in parcel distribution with online tracking and customer services going offline for days.

Fortunately, Yodel confirmed that it does not store or process customer payment information so no customer financial data was impacted by the cyber incident. However, Yodel no doubt held personal data such as customer addresses, names, telephone numbers and email addresses – enough information for cyber criminals to keep up their efforts in targeting individuals by sending out phishing emails and smishing texts purportedly from delivery companies. Yodel has encouraged its customers to be alert to any unsolicited and unexpected communications requesting personal data and to be cautious if asked for information by someone alleging to be a Yodel employee.

Further afield, in December 2021, one of the largest international providers of airfreight and sea freight delivery services was also impacted by a cyber incident which forced the company to stop taking new orders for a short period and disconnect its data centres around the world. Hellmann Worldwide Logistics confirmed that it was impacted by a phishing attack. In this instance, the cyber criminals successfully exfiltrated around 70GB of data, which was later published on the leak portal of the threat actor, RansomEXX. This data included customer names, user IDs, email addresses and other credentials, which again led to a warning to customers to beware of the potential for an increasing number of fraudulent calls and emails as the threat actor attempted to monetise the exfiltrated data.

Another consequence of cyber attacks on delivery companies was seen following a ransomware attack on Expeditors in February 2022. Expeditors confirmed that, particularly during the first three weeks after the attack, its operations suffered as the company struggled to adjust to a new operating environment. Further, the company incurred approximately $40 million as a result of its inability to process and move shipments through ports in a timely manner. A further $20 million was incurred in investigating and recovering its systems following the cyber attack.

Overall, whilst the rise in attacks against delivery companies has not led to the exposure of “high risk” personal data such as financial information and identity documents, even obtaining basic personal identifiers allows threat actors to monetise the exfiltrated data as they go on to send phishing emails and smishing texts purportedly from delivery companies. The prevalence of the scam, and the success threat actors are having in targeting customers in this way, can be seen in the guidance released by various organisations such as the NCSC, Royal Mail and public bodies on avoiding scams sent via ‘missed parcel’ messages.

According to cybersecurity company Proofpoint, parcel and package delivery scams were the most prevalent type of smishing in 2021, with ten times more scam messages seen in 2021 than 2020. Furthermore, the financial impact on the delivery company itself can be extensive, as seen in the attack on Expeditors, as parcels are delayed and shipments halted whilst systems have to be taken offline and recovered. Unfortunately, delivery companies are not exempt from falling victim to cyber attacks and will likely continue to be a profitable target for cyber criminals.
