The Port of Los Angeles has been making headlines after sharing an eye-opening statistic; the port faces around 40 million cyber-attacks per month. As the busiest port in the western hemisphere handling $250 billion of cargo each year this astounding number of attacks could wreak havoc on the supply chain and international commerce.
The number of attacks has more than doubled since the beginning of the Covid-19 pandemic. The pandemic has also impacted the port’s efficiency as workers were forced to stay home leaving containers stranded at port facilities. The strain of falling behind schedule has since eased however the rise in cyber-attacks continues to pressure the port. The port’s executive director, Gene Seroka has stated that the cyber-attacks are primarily coming from Europe and Russia with intent to disrupt the US economy.[1]
To curb the impact of these cyber-attacks the Port of Los Angeles has teamed up with the Federal Bureau of Investigation (FBI), investing millions of dollars to develop the world’s first Cyber Resilience Centers. The Cyber Resilience Center will help provide enhanced intelligence gathering that can be used to protect the maritime industry from cyber-attacks targeting international supply chains. Stakeholders within the maritime industry including port operators and shipping companies can leverage this threat intelligence
The maritime industry as a whole is susceptible to a variety of cyber-attacks including ransomware, malware, spear phishing, and credential harvesting. More information about maritime attacks, particularly phishing and vessel impersonation can be found here:
https://redskyalliance.org/xindustry/motor-vessel-mv-motor-tanker-mt-impersonation-july-2022
Using the Cyber Threat Analysis Center (CTAC) tool by Red Sky Alliance, analysts searched for indicators of cyber-attacks targeting the Port of Los Angeles. A simple search of the domain, “portla.org” yielded six breach data hits. In the table below we list the obfuscated username that was compromised, the breach it was compromised in, the total number of credentials in the breach, and the date that the breach data was published.
Looking at the information from CTAC we have determined that four of the six passwords associated with these accounts were weak and susceptible to brute force cracking or dictionary attacks. The other two credentials that were published included usernames and the associated password hash. The hashed passwords were likely taken from a database and the attacker either lacked the time or resources to crack the hashes. The published file that contained this information had a total of 362,816 usernames and password hashes. The astounding number of compromised credentials points to a need for multifactor authentication, strong enforceable password policies, and improved cyber hygiene.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs. com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://www.msn.com/en-us/news/world/cyber-attacks-on-major-port-double-since-pandemic/ar-AAZRjqa
Comments