CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. 79% of retail investor accounts lose money when trading CFDs with this provider. You should consider whether you understand how CFDs work and whether you can afford to take the high risk of losing your money.
US English

How companies can limit a cyberattack like Expeditors (EXPD)

By Joyanta Acharjee

15:51, 2 March 2022

A hacker in a hoodie in a lair
Hackers can launch attacks such as spreading malware and taking down websites – Photo: Shutterstock

As a US logistics firm experiences a major service outage, two cybersecurity firms share tips to help corporations limit the damage from hacker attacks such as ransomware and distributed denial of service (DDoS).

The cyberattack on Expeditors International of Washington (EXPD) which was first discovered two weeks ago will have a “material adverse impact”, the company said in a regulatory filing.


Ransomware is malicious software that takes control of a computer system to lock out users until a fee is paid. A DDoS attack overloads traffic to websites from a network of infecting computers that overload the targeted site with page requests.

A website banner warning of a security outage Expeditors International

“At this early stage, the company is unable to estimate the ultimate direct and indirect financial impacts of this cyberattack,” Expeditors said in the filing.

What is your sentiment on PANW?

Vote to see Traders sentiment!

Global logistics

Headquartered in Seattle, Expeditors International is a Fortune 500 logistics company with over 18,000 employees and a global network of over 350 locations in over 100 countries on six continents.

The stock is down 4% since it disclosed the outage. Shares were trading at $102.85 per share, up 1.4% at 11:25 EST (UTC+5).

“Expeditors is making progress in returning to normal operations. We are now handling shipments and providing services across most products and expanding recovery across our locations,” the company said in an update.

Specialist research team

With the outbreak of hostilities in Eastern Europe, a specialist research team at Palo Alto Networks (PANW) has documented significant increases in cyberattacks.

Unit 42 saw a series of DDoS attacks in mid-February and highlighted a new malware variant known as HermeticWiper that originated in Ukraine with website defacement attacks in the nation taking place shortly after.


2,071.98 Price
+1.760% 1D Chg, %
Long position overnight fee -0.0195%
Short position overnight fee 0.0113%
Overnight fee time 22:00 (UTC)
Spread 0.30

Oil - Crude

74.42 Price
-1.480% 1D Chg, %
Long position overnight fee -0.0136%
Short position overnight fee -0.0083%
Overnight fee time 22:00 (UTC)
Spread 0.030


0.62 Price
+0.600% 1D Chg, %
Long position overnight fee -0.0753%
Short position overnight fee 0.0069%
Overnight fee time 22:00 (UTC)
Spread 0.01168


15,965.00 Price
+0.290% 1D Chg, %
Long position overnight fee -0.0262%
Short position overnight fee 0.0040%
Overnight fee time 22:00 (UTC)
Spread 1.8

“Future attacks may target US and Western European organisations in retaliation for increased sanctions or other political measures against the Russian government. We recommend that all organisations proactively prepare to defend against this potential threat,” Unit 42 wrote in a threat briefing.

Recommended actions

Unit 42’s briefing gives the following recommended actions to help companies prepare for possible cyberattacks:

  • Patches: apply patches for any software containing vulnerabilities – not just those known to be exploited. This is most urgent for software that is internet-facing and necessary for business operations, such as webmail and virtual private networks (VPNs).
  • Data destruction: Forms of disruptive cyberattack will either use ransomware or pose as ransomware. Test data backup and recovery plans as well as testing the continuity of operations in case the corporate network or other key system is disabled.
  • Respond quickly: Ensure designated points of contact across an organisation in key areas in case of a cybersecurity incident or infrastructure disruption. Test communication protocols (and backup protocols) to avoid being caught without a clear way of communicating critical information internally and externally.
  • Network lockdown: Making small policy changes can decrease the likelihood of a successful attack against your network. Many applications can be abused even if the application itself isn't malicious. If your organisation doesn't require their functionality, blocking them will improve security posture.

“There is no way to know for certain what shape an attack may take, but taking these steps will help provide broad protection against what we expect to come,” the research team said.

Employee training

Cybersecurity training firm KnowBe4 (KNBE) also adds the following points:

  • Deploy strong multi-factor authentication (an additional form of identification such as a code from a smartphone app or a fingerprint scan) to as many employees as you can.
  • Walk employees through security awareness training to keep them on their toes with security top of mind.

“It pains me to say, that while you are at it, warn your users: criminals will start new, devious charity campaigns that claim to help people in Ukraine. Remind your users to only use legit charities they are already familiar with and to never click on a link in an email of a charity claiming to help Ukraine war victims,” KnowBe4 founder and CEO Stu Sjouwerman wrote in a blg post.

Gone phishing

Late last year KnowBe4 published its findings on an email scam known as phishing, which involves gaining a user's credentials by directing them to sign into a fake website designed to appear genuine.

Image shows common fake email subjectsKnowBe4

Amongst the most common fake email subjects received in Europe and North America according to KnowBe4’s findings are “Password Check”, “Policy Update” and “Employee Portal”.

Chief hacking officer

A picture of hacker-turned-security consultant Kevin MitnickKnowBe4

Florida-headquartered KnowBe4 offers online security training and seminars. Its chief hacking officer is none other than legendary hacker Kevin Mitnick who has over 30 years of experience and is the auther of four bestselling books.

Markets in this article

120.20 USD
-0.24 -0.200%
120.20 USD
-0.24 -0.200%
Palo Alto Networks
294.55 USD
-0.1 -0.030%
Palo Alto Networks
294.55 USD
-0.1 -0.030%

Rate this article

Related reading

The difference between trading assets and CFDs
The main difference between CFD trading and trading assets, such as commodities and stocks, is that you don’t own the underlying asset when you trade on a CFD.
You can still benefit if the market moves in your favour, or make a loss if it moves against you. However, with traditional trading you enter a contract to exchange the legal ownership of the individual shares or the commodities for money, and you own this until you sell it again.
CFDs are leveraged products, which means that you only need to deposit a percentage of the full value of the CFD trade in order to open a position. But with traditional trading, you buy the assets for the full amount. In the UK, there is no stamp duty on CFD trading, but there is when you buy stocks, for example.
CFDs attract overnight costs to hold the trades (unless you use 1-1 leverage), which makes them more suited to short-term trading opportunities. Stocks and commodities are more normally bought and held for longer. You might also pay a broker commission or fees when buying and selling assets direct and you’d need somewhere to store them safely.
Capital Com is an execution-only service provider. The material provided on this website is for information purposes only and should not be understood as an investment advice. Any opinion that may be provided on this page does not constitute a recommendation by Capital Com or its agents. We do not make any representations or warranty on the accuracy or completeness of the information that is provided on this page. If you rely on the information on this page then you do so entirely on your own risk.

Still looking for a broker you can trust?

Join the 570.000+ traders worldwide that chose to trade with

1. Create & verify your account 2. Make your first deposit 3. You’re all set. Start trading