Impact of LockBit's cyber attack on Nagoya cargo port: a detailed analysis

The important cargo port of Nagoya, located in Aichi prefecture and making it crucial for the logistics operations of major automakers such as Toyota, was recently the victim of a cyber attack. This was announced by the Japanese news agency Kyodo, confirming that the culprit is the well-known Russian-speaking hacker group LockBit. This attack led to the interruption of the loading and unloading operations of the container terminal on July 4, for a consequent stoppage of a day and a half. Although operations had partially resumed as of July 6, the full recovery of the system took longer than expected.

The effects of the attack and recovery activities

The cyberattack severely impacted the logistics activities of auto and component manufacturers, causing significant delays in shipping plans. Port officials said the LockBit group demanded a ransom to return control of the system, but the same entity claims it has not been in contact with the criminals and has not paid any ransom. That said, the fallout on the auto industry doesn't appear to be tragic. Toyota, for example, said it constantly monitors the progress of processes to assess any repercussions on its need for parts.

LockBit 3.0: an evolution in criminal strategy

LockBit is not new in the cybersecurity landscape. First launched in 2019 under the name of ABCD, it was then revamped and rebranded as LockBit. In 2021, a new version was presented, the LockBit 3.0, which stands out for a number of innovations. This version introduces, among other things, a bug-hunting platform, i.e. the search for vulnerabilities in the infrastructures used by the gang; the purchase of cryptocurrencies; a section reserved for affiliates; and new ways to generate profits. Among the possibilities offered to the victims, there are the extension of the "countdown" before the publication of the stolen data, the total destruction of the exfiltrated information, or access to the exclusive download of the stolen data. For all these operations you can pay in Bitcoin or Monero.

LockBit: a constant threat in the world of cyber security

Over the years, LockBit has continuously adapted and refined its operations, launching attacks on organizations and companies of various nature. In early 2021, for example, it paralyzed the UK postal service, Royal Mail, and also targeted healthcare facilities and companies in other sectors in different parts of the world, including Italy. Despite these raids, affiliates of the LockBit blog, accessible via the Tor network, have consistently maintained that they are apolitical. But the attack on the port of Nagoya, Japan's largest since 2002 and with a cargo volume in 2022 reaching 163.58 million tons, underscores the magnitude of the threat. While the technicians work on a total system recovery, it is clear that the fight against cybercrime continues to require great attention and resources.