Cybercriminals are targeting trucking and logistics companies with remote monitoring tools to hijack cargo freight, researchers at cybersecurity company Proofpoint have found. The hackers are collaborating with organized crime groups to compromise companies involved in the freight supply chain, the report stated, further fueling a significant increase in cargo theft in recent years. The theft of goods in transit in the US increased by 27% in 2024 and is expected to rise by another 22% this year, according to the National Insurance Crime Bureau.[1]
It is estimated that the industry loses $35 billion annually to cargo theft. Increasingly, this theft involves a cyber component, with criminals exploiting an increasingly digitized system to intercept goods. Proofpoint researchers have been observing a threat cluster active since at least June that has demonstrated a deep “knowledge of how the trucking and transportation industries work.”
The hackers employ a range of tactics, including infiltrating load boards (marketplaces where shippers and freight brokers connect with carriers) and advertising fraudulent loads. When a carrier responds, the attackers send emails with malicious URLs. In some cases, they compromise email accounts and send messages containing malicious links that, when clicked, install legitimate remote monitoring and management tools, such as ScreenConnect, PDQ Connect, and Fleetdeck.
After gaining access, the hackers conduct system and network reconnaissance and deploy credential-harvesting tools. “Once a threat actor has compromised a carrier, they probably will use their knowledge of the industry and any insider information derived from other compromises to identify and bid on loads that are likely to be profitable if stolen,” said Proofpoint, which over the last two months has observed nearly two dozen active campaigns. The researchers recommended that companies restrict the installation of remote monitoring tools, implement network detection measures, and avoid downloading executable files sent via email.
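One way a defender could act on the first and third recommendations is to triage process-creation telemetry for remote monitoring tools that IT did not approve. The sketch below is an added example, not code from Proofpoint or the original article; the event fields, host names, file paths, approval list and the choice of delivery markers are constructed assumptions.

```python
import re

# Tool names come from the article; matching them in a file path is an assumption.
RMM_TOOLS = {"screenconnect": "ScreenConnect",
             "pdqconnect": "PDQ Connect",
             "fleetdeck": "Fleetdeck"}
# Assumed markers of email or web delivery: parent process and drop location.
DELIVERY_PARENTS = {"outlook.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\")


def identify_rmm(image_path):
    """Return the RMM product named in an executable path, or None."""
    # Drop spaces, dots, hyphens and underscores so "PDQ-Connect" == "pdqconnect".
    squashed = re.sub(r"[\s._-]", "", image_path.lower())
    for key, name in RMM_TOOLS.items():
        if key in squashed:
            return name
    return None


def triage(events, approved):
    """Flag RMM executions that are not on the (host, tool) approval list."""
    findings = []
    for ev in events:
        tool = identify_rmm(ev["image"])
        if tool is None or (ev["host"], tool) in approved:
            continue
        path = ev["image"].lower()
        delivered = (ev["parent"].lower() in DELIVERY_PARENTS
                     or any(marker in path for marker in USER_WRITABLE))
        findings.append({"host": ev["host"], "tool": tool,
                         "severity": "high" if delivered else "medium"})
    return findings


# Constructed sample events; hosts, users and file names are illustrative only.
SAMPLE_EVENTS = [
    {"host": "DISPATCH-07", "parent": "msedge.exe",
     "image": r"C:\Users\jlee\Downloads\ScreenConnect.ClientSetup.exe"},
    {"host": "IT-ADMIN-01", "parent": "services.exe",
     "image": r"C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe"},
    {"host": "BROKER-12", "parent": "services.exe",
     "image": r"C:\Program Files\Fleetdeck Agent\fleetdeck_agent.exe"},
    {"host": "DISPATCH-07", "parent": "explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe"},
]
APPROVED = {("IT-ADMIN-01", "PDQ Connect")}  # constructed allowlist

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS, APPROVED):
        print(finding)
```

Name matching only catches installers that keep the vendor's naming, so it complements rather than replaces application allowlisting and network detection.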
The cargo theft scourge has been garnering more attention in Washington, DC, lately, including legislation introduced in April that aims to establish a unified federal response to the issue. Meanwhile, the US Department of Transportation recently solicited input from stakeholders in the freight industry on how to combat cargo theft, including cyber-enabled crimes.
This article is shared with permission at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please contact the office directly at 1-844-492-7225 or feedback@redskyalliance.com
[1] https://therecord.media/cargo-theft-hackers-remote-monitoring-tools/