The logistics industry is rapidly growing, projected to reach $58.7 billion by 2030, driven by e-commerce expansion, supply chain digitization, and real-time delivery demand. However, this evolution also increases cybersecurity risks, threatening the stability of interconnected supply chains reliant on cloud services.
Background
In 2017, Maersk, a global logistics leader, suffered a devastating cyberattack via the NotPetya malware. Orchestrated by the Russian GRU, the attack exploited system vulnerabilities, disrupting Maersk’s operations and highlighting weaknesses in global supply chains.
Attack
- Attackers used the NotPetya malware, combining the NSA's EternalBlue exploit with other tools to spread across networks.
- Initial access was gained through a compromised Ukrainian software vendor, M.E.Doc, which Maersk used for tax preparation.
- Despite patching some vulnerabilities, inadequate auditing and weak third-party controls left Maersk exposed.
Impact
- In 25 minutes, 22% of Maersk's international operations were crippled.
- 15,000 containers were paralyzed, disrupting global shipping and supply chains.
- Total losses included $300 million for Maersk and $10 billion globally.
- Lack of redundancy forced manual operations, compounding delays.