10145990287?profile=RESIZE_400xLogistics and freight forwarding giant Expeditors International announced a cyber-attack on 20 February that crippled some of their operating systems and continues to slow their operations around the globe.  The Seattle-based freight company, which brought in $10.1 billion in revenue last year, said they shut down most of their operating systems globally after discovering the cyber-attack.  "The situation is evolving, and we are working with global cybersecurity experts to manage the situation. While our systems are shut down, we will have limited ability to conduct operations, including but not limited to arranging for shipments of freight or managing customs and distribution activities for our customers' shipments," the company said in a statement.[1]  "We are conducting a thorough investigation to ensure that our systems are restored both promptly and securely, and on a parallel track, evaluating ways with our carriers and service providers to mitigate the impact of this event on our customers.  Since it is extremely early in the process, we cannot provide any specific projections on when we might be operational.  Still, we will provide regular updates when we are able to do so confidently. We are incurring expenses relating to the cyber-attack to investigate and remediate this matter and expect to continue to incur expenses of this nature in the future. Depending on the length of the shutdown of our operations, the impact of this cyber-attack could have a material adverse impact on our business, revenues, results of operations and reputation."

Expeditors did not explain if the attack was ransomware and did not respond to media requests for comment.  On 20 February, it said systems may be unavailable as they try to secure their system, noting that, "backup procedures are being implemented."  Another update was released on 21 February explaining that the company's global operations were still being affected by the attack.  Expeditors said it was working through its crisis management and business continuity response plans but was still struggling to recover.

Expeditors has thousands of employees across 350 locations in more than 100 countries. It has become just the latest logistics company to be hit with a cyberattack over the last month.  Earlier this month, Swiss airport management service Swissport reported a ransomware attack affecting its IT systems that were later attributed to the BlackCat ransomware group. Another cyber-attack on two German oil suppliers forced energy giant Shell to reroute oil supplies to other depots over the last month.  The German Federal Office for Information Security (BSI) said the BlackCat ransomware group was also behind the incident, which affected 233 gas stations across Germany.

Multiple ports in Belgium and the Netherlands reported issues after a cyber-attack affecting IT services in early February.  Terminals operated by SEA-Tank, Oiltanking, and Evos in Antwerp, Ghent, Amsterdam, and Terneuzen were all dealing with issues related to their operational systems.  In a statement to media, Oiltanking said it "declared force majeure" due to the attacks.  A spokesperson from Evos said at the time that they were continuing to operate their terminals but were having some delays after the attack disrupted IT services at terminals in Terneuzen, Ghent, and Malta.  Prosecutors in Antwerp opened an investigation into the cyberattacks.

In December 2021, billion-dollar logistics firm Hellmann Worldwide Logistics reported a cyber-attack that forced them to temporarily remove all connections to their central data center.  The company said the shutdown was having a "material impact" on their business operations.  The German company operates in 173 countries, running logistics for a range of air and sea freights as well as rail and road transportation services.  The company had a revenue of nearly $3 billion last year.[2]

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization who has long collected and analyzed cyber indicators.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com    


Weekly Cyber Intelligence Briefings:

Weekly Cyber Intelligence Briefings:

 REDSHORTS - Weekly Cyber Intelligence Briefings


[1] www.zdnet.com/google-amp/article/billion-dollar-logistics-giant-expeditors-struggling-to-recover-from-cyberattack/">https://www-zdnet-com.cdn.ampproject.org/v/s/www.zdnet.com/google-amp/article/billion-dollar-logistics-giant-expeditors-struggling-to-recover-from-cyberattack/

[2] https://www.zdnet.com/article/german-logistics-giant-hellmann-reports-cyberattack/

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!

Join Red Sky Alliance