TQL cyber breach is latest example of the industry's vulnerability to hacking

Dive Brief:

Total Quality Logistics (TQL) was hit by a cyberattack on Sunday that compromised its carrier portal, potentially opening up access to carrier's "carrier accounts, including, in many instances, tax ID numbers and bank account numbers," according to the company's website.
The breach was "an information/data phishing attempt," according to an announcement on the company's website. "Our IT security teams identified the issue quickly and countered immediately to secure all online information." The company believes any access the hackers had has now been blocked. TQL is the 25th largest logistics company and second largest freight broker by revenue, according to Transport Topics.
Carriers that had data compromised as a result of the attack have been notified via email, TQL said. As of Sunday, the most recent date provided, 20 carriers had been contacted. The company has since "hired a third-party cyber security firm for additional forensics and testing to confirm the adequacy of our cyber security protocols and we’re actively working with law enforcement" including the FBI and a third-party investigator, the company said.

Dive Insight:

While the exact nature of the phishing operation against TQL has not been released, the company is not alone.

In September of last year, Roadrunner was hit by a malware attack, forcing the company to quarantine certain servers and data applications, costing the company $7 million in LTL revenue. And in 2017, a computer virus attacked industries around the globe, severely impacting FedEx and Maersk in particular — wiping data and shutting down terminals and booking sites, which in turn impacted freight forwarders and other carriers including Kuehne + Nagel.

The manufacturing industry alone received approximately 24 million spam attacks in the third quarter of 2019, according to an analysis of 202 billion emails conducted by Mimecast, a data security company. During that period, manufacturers also received 8 million impersonation attacks, where a hacker co-opts email addresses, domain names or social media profile information to trick an employee into releasing security credentials such as their username and password.

The median company received 94% of detected malware (either detected beforehand or after it caused a cyber breach) via email last year, according to Verizon's 2019 Data Breach Investigations Report. Over 80% of these emails were phishing campaigns sent to company employees containing malware embedded in attachments or hyperlinks.

External actors perpetrated 69% of cyber attacks, compared to 34% by internal personnel, according to the report. The primary motivations for the intrusions were financial (71%) and to gain a strategic advantage via corporate espionage (25%).

Corporate efforts to improve their cybersecurity and educate employees on how to detect and avoid falling prey to phishing and impersonation campaigns have been successful, according to Verizon. Click-rates on these kinds of emails have decreased from 25% in 2012 to 2.9% in 2018.

However, smaller businesses and less tech-savvy industries, particularly manufacturing and transportation, are at greater risk of cyber breaches, which can often operate "in the background" undetected for months before found and eradicated.

To hedge against this evolving threat, Mimecast recommends firms continuously update their security protocols, educate employees about the nature of common cyber attacks, enforce password controls that prevent the use of easily-copied credentials and implementing two-factor identification as an added layer of security.