Customer, employee logins likely target of spear-phishing attack, expert says
Nate TabakFollow on TwitterWednesday, March 9, 2022 2 minutes read
Listen to this article0:00 / 3:121XBeyondWords
Hapag-Lloyd said it remains vigilant after discovering a copy of its website online that the shipping line believes was set up by cybercriminals as part of a planned spear-phishing attack.
“We are thoroughly monitoring this,” Hapag-Lloyd spokesperson Tim Seifert wrote in an email to American Shipper on Wednesday. “So far, we have no indication of any compromised data.”
The Hamburg, Germany-based company said it discovered the website Monday and concluded it was set up for the purposes of spear-phishing. Spear-phishing typically involves emails that appear to come from a trustworthy source and lure recipients to malicious websites designed to collect sensitive information or install malware, including ransomware.
Hapag-Lloyd disclosed few details about the fake site or the kind of information it may have been attempting to obtain. Phishing sites are themselves common and relatively easy to make.
Brett Callow, a threat analyst with cybersecurity software firm Emsisoft, said Hapag-Lloyd’s description of the site suggests the company believes “its purpose is to capture either employee and/or customer logins.”
“While this is less common than generalized phishing attacks, it’s not particularly unusual,” Callow said.
If cybercriminals have obtained any logins from Hapag-Lloyd customers or employees, that access could be leveraged for a variety of purposes.
‘Pontential for some mayhem’
Russ Felker, chief technology officer of Trinity Logistics, said customer portal access could allow criminals to make changes to shipments or payments.
“You have the potential for some mayhem,” Felker said, adding that the risk to Hapag-Lloyd’s operations is likely low.
Hapag-Lloyd, for its part, is advising customers to change their logins, use extra vigilance with incoming emails and manually enter its web address rather than click links.
While there is no indication that Hapag-Lloyd has been compromised, Felker said the criminals behind the spear-phishing site likely had an interest in the company itself.
“I don’t think you set up a spear-phishing site without wanting to have some access to the company,” he said.
Ukraine invasion raises cyber risks
Hapag-Lloyd marks the latest major player in the global supply chain targeted by cybercriminals. Expeditors International is continuing to recover from a crippling cyberattack that took place more than two weeks ago, while Hellman Worldwide was targeted in a ransomware attack in December.
The risks have also intensified following Russia’s invasion of Ukraine. The Cybersecurity and Infrastructure Security Agency warned in February that businesses should be prepared for more attacks.
“Every organization — large and small — must be prepared to respond to disruptive cyber activity,” the agency wrote in a Feb. 25 advisory.