×

FedEx cyberattacks wanted to destroy more than just money, experts say

  • The FedEx cyber attack could be part of a bigger ploy to hinder all organizations based in Ukraine, according to Mandiant Cyber Security's Charles Carmakal.
  • Experts told CNBC's "Squawk Alley" that they believe companies need to adopt better defense techniques to prevent future cyber attacks.
An employee sorts packages inside the FedEx distribution hub at Los Angeles International Airport.
Patrick T. Fallon | Bloomberg | Getty Images
An employee sorts packages inside the FedEx distribution hub at Los Angeles International Airport.

The FedEx cyber attacks may have been targeting something more than money, according to Ed Stroz, the former FBI head of computer crime.

"Even though there's a financial component in terms of the payload looking from ransomware, the deeper analysis shows that may not have been the main purpose," Stroz, founder of cybersecurity firm Stroz Friedberg, said in an interview Thursday on CNBC's "Squawk Alley."

"If you look at the geographic impact as to where it hit, and if they start to reverse-engineer some of the code and the functionality, it looks like the disruption payload was more significant than the ransomware payload," he said.

FedEx's TNT Express subsidiary suffered a cyber attack earlier this week that operations and communications systems. While no data was breached, the attack could have a material financial impact, the company said.

Charles Carmakal, vice president at Mandiant Cyber Security, agreed that the attack's objective may not have been purely financial, claiming it could be part of a bigger ploy to hinder all organizations based in Ukraine. The attack hit other businesses beyond FedEx, affecting companies such as Danish shipping giant Maersk, according to Thomson Reuters.

"What's really clear right now is that we are seeing what appears to be the first widescale attack against the economy and Ukraine," Carmakal said. "It appears to be more of a disruptive attack against organizations that do business in the Ukraine and something to really impact the way of life out there."

The companies themselves are partially to blame for the attacks, according to both Carmakal and Stroz, who claim there are better defense techniques companies should be taking to reduce the impact.

Companies should be "looking at a more holistic approach to the risks that are inherent in this kind of field, and understanding [they] can't just tell the IT department to make [them] safe because it's impossible, and anybody can be hurt," Stroz said.

—CNBC's Angelica LaVito contributed to this report.

Watch: FedEx halts trading after cyberattack