Hellman Worldwide Logistics: Operations Disrupted by AttackMajor Logistics Firm Takes Central Data Center Offline as It Probes Online Attack
A major logistics provider is warning that its operations remain disrupted after it was hit by an online attack of an unspecified nature. The alert comes just two weeks shy of Christmas, during a holiday shopping period that analysts have predicted will see record demand from consumers for e-commerce goods and shipping.
See Also: 2022 Unit 42 Incident Response Report
On Thursday, Hellman Worldwide Logistics, based in Osnabrück, Germany, posted a notice to its website saying that it had been targeted by online attackers, as Air Cargo News first reported.
"The attack was discovered and is continuously observed and analyzed by Hellmann´s global crisis taskforce," the company says in its security alert.
The 150-year-old business has 489 offices across 174 countries, handles about 16 million shipments per year and reported 2020 revenues of $2.8 billion
"We currently recommend reaching out to your contacts at Hellman on their cellphones."
Hellman says it's brought in third-party incident response experts to investigate the attack and taken numerous systems offline. "As a precautionary measure, all connections to the central data center were immediately disconnected temporarily, which currently still has material impact on our business operations," it says.
While the nature of the attack has not been revealed, the sudden outage and disconnection of systems bespeaks a malware attack, and potentially an attack involving ransomware.
"We can currently not rule out that there have been data leakages or unauthorized use of data," the company says.
All corporate email systems appear to remain offline, due to the data center being disconnected. "We currently recommend reaching out to your contacts at Hellman on their cellphones," the company says.
Target: Supply Lines
The attack against Hellman comes at a time when, experts say, logistics and supply lines are already stretched thin due in part to the pandemic.
"This year, the 'everything shortage' is real - from a drop in available workforce to limited supplies to lack of delivery services," Raj Samani, chief scientist at McAfee Enterprise, wrote in a blog post published last month.
"This creates an urgency for organizations to have actionable security plans and to effectively contain and respond to threats," he said. "Supply chain and logistics, e-commerce and retail, and the travel industry traditionally experience holiday seasonal increases in consumer and business activity, making them more vulnerable to cyberthreats and leaving business, employee and consumer data at risk.
Repeat Ransomware Attacks
If Hellman has suffered a ransomware attack, it would not be the first logistics or shipping firm to so fall victim.
Last year, for example, Australian transportation and logistics company Toll Group, which is owned by Japan Post and operates in more than 50 countries, fell victim to two separate ransomware attacks.
The first attack, which came to light last March and was tied to the Mailto - aka Netwalker - ransomware crew, disrupted operations for weeks. About six weeks later, the company was again hit, this time by the Nefilim group. In both cases, the company vowed to not pay a ransom. In response, attackers dumped many gigabytes of stolen data.
Danish shipping giant A.P. Moller-Maersk, meanwhile, fell victim to the destructive NotPetya malware attack in 2017, leading to months of shipping delays and $350 million in cleanup costs.
The wiper malware was distributed - allegedly by state-sponsored Russian hackers - via a legitimate Ukrainian tax accountancy developer, whose software is used by the vast majority of global businesses that must file Ukrainian taxes.
Of the 7,000 companies that use the software, all fell victim to the malware attack, Moller-Maersk CTO and CIO Adam Banks said at the 2019 Infosecurity Europe conference in London.
U.S.-based FedEx reported that its Netherlands-based TNT Express subsidiary also fell victim to NotPetya.