US Customs Bulletin Warns of Ransomware Attacks Threatening National Security

The United States Customs and Border Protection agency issued a special intelligence bulletin, warning that ransomware attacks are now turning into a threat to national security in the country due to causing disruptions in supply chains.

The special intelligence bulletin was obtained and analyzed by Yahoo News. The gist of the bulletin was that an increasing number of ransomware attacks are taking aim at the supply chain in the US and have the potential of growing to the point where they would post a threat to national security.

Attackers zeroing in on supply chain

The bulletin outlined that the ransomware threat actors were attacking "multibillion-dollar industries" and causing not just IT security turmoil but also "social, economic and potentially political instability".

This warning comes right after Monday's White House statement concerning the heightened risk of potential significant cyberattacks originating from Russia, in response to the unparalleled sanctions that the US, EU, and other countries imposed on the Russian state after the invasion of Ukraine.

The Customs and Border Protection bulletin further mentions a number of attacks on several European entities involving ransomware that were "likely" executed by the same threat actor that launched the ransomware attack on Colonial Pipeline in mid-2021.

Another cyberattack is also mentioned - the one that affected Expeditors International - a massive logistics operator, one of the top 6 in the world, headquartered in the state of Washington. Roughly a month ago, in late February 2022, Expeditors International announced it was affected by a cyberattack, whose exact nature and origins were never revealed.

Even though there was a major push to secure the US banking system from intrusion and potential foreign threat actors, the attacks are now turning towards companies working in logistics, according to reports from law enforcement and intelligence agencies.

How big will the impact of the Expeditors attack be?

Experts believe that the attack on a logistics entity that is as big as Expeditors International can have larger implications for both domestic and foreign markets and supply chains. Roughly three weeks after the incident, the logistics company posted an update on the situation, stating it managed to make "some progress putting aspects of its business back online", Yahoo News reports.

While logistics software remains offline, experts also stated that there is a heightened danger of criminal activity that can go undetected, which further complicates the situation.

The US is doing its best to ramp up security across the board, from critical infrastructure to banking to even the public sector, with guidance issued for mitigation and prevention measures on every level. Whether this will be sufficient to stem a possible tide of orchestrated foreign threat actor attacks remains to be seen.