Cybersecurity experts named the main vulnerabilities of logistics companies

Weak software has become one of the main vulnerabilities of transport and logistics companies in three quarters of 2024, experts from Neuroinform, a company that specializes in cyber risk analysis and assessment, told Izvestia.

Digital weapon: Russia has become the most hacker-attacked country in the world

Dozens of hacktivists target domestic organizations for third year

One of the most widespread vulnerabilities this year was an insecure direct object reference (IDOR, Insecure Direct Object Reference). This is a link that contains, for example, a specific product number or a user's personal account - by changing its elements, it is possible to enter other, seemingly closed for "entry from the street" pages and get hidden information.

"With the help of such a link, it is possible to view other people's orders with customers' personal data (full name, phone number, delivery address). In this case, attackers pick up the order identifier and see all the information on it without authorization," the analysts explained.

They estimated the share of such vulnerabilities at 38%. Another 26% are flaws in protection algorithms in the use of SMS during registration, authorization or password recovery. Cybercriminals use a script to enter other people's phone numbers, and the system sends out thousands of SMS. And the logistics company loses the money it pays for SMS verification.

Read more in Izvestia's exclusive article:

Send to link: cybersecurity companies named the top vulnerabilities of logistic companies