Cybersecurity at ports and terminals: Beware the out-of-ordinary
In this series, we've looked at the cybersecurity of our industry from several different angles, from general principles to the specifics of secure software design and the sharing of cybersecurity roles and responsibilities. In this final part of the series, we address one of the most hard-to-detect and potentially dangerous cybersecurity threats to ports and terminals.
"Phishing" is a term for cybersecurity exploits in which malicious actors trick users into revealing information or providing access to systems by impersonating other legitimate entities. In contrast to the automated, often clumsily worded scams that most e-mail users are familiar with, companies may also face carefully targeted, customised attacks that are far more sophisticated and harder to detect.
"Targeted phishing attacks directed at people and teams in the business interface between companies are actually one of the most serious cybersecurity threats for ports and terminal operators," says Jouni Auer, Chief Information Security Officer, Kalmar. "The sums of money that are involved in typical contracts in our industry can be significant, so they also present an attractive target for cybercriminals."
Going for the big score
Targeted phishing attacks often involve intercepting e-mail conversations between vendors and customers through breaches in e-mail systems, as well as sending legitimate-looking e-mails from domains that visually resemble the genuine e-mail address. The ultimate goal of the attack is typically to route one or more payments to a bank account controlled by the attacker, or to gain system credentials or inside information that enable further exploitation.
These types of tailored attacks can be extremely credible, since they often involve extensive research by the attackers over a period of many months as they map the contacts and organisation of the target company, and gain familiarity with the specific transaction to be compromised.
"Targeted phishing attacks are the cybercrime equivalent of big game hunting," says Jouni Auer. "They can be very hard to detect and may have disastrous financial consequences, so they represent a vastly more dangerous threat than the usual bulk e-mail scams. Users are often advised to look out for spelling errors or other similar mistakes when evaluating the legitimacy of e-mails, but in the case of a genuine tailored attack, the messages can be extremely well written and convincing."
Over the last few years, Auer and Kalmar's cybersecurity team have seen several cases of customer systems being breached, allowing attackers to intercept ongoing e-mail conversations and learn enough about a pending financial transaction to exploit it. "Most often, simple cybersecurity precautions such as enabling multifactor authentication would have averted these incidents," Auer points out. "However, in some attacks, we have seen sophisticated attackers bypass even this protection layer on the customer side."
Red flags and alarm bells
Kalmar has set up its e-mail system in line with the most stringent e-mail authenticity standards in the industry, which prevents attackers from mimicking e-mails sent from kalmarglobal.com addresses. In addition to enabling these features for their own systems, how should companies prepare for sophisticated phishing attacks? When should suspicions be raised when reading a legitimate-looking e-mail that appears to be from a customer, vendor or business partner?
"Targeted phishing attacks almost always target some kind of financial transaction, so this can be a warning flag in itself," Jouni Auer points out. "For example, it's very rare for companies such as Kalmar to change their bank account numbers. So if you get an e-mail with information or a request that is non-routine in any way, there is no harm in just calling the person through the company switchboard and verifying the request. And you can be sure that Kalmar's CEO or CFO won't be sending you urgent WhatsApp messages over the weekend, requesting some financial transaction to be completed."