Organized crime groups are increasingly blending cyberattacks with real-world theft, targeting the transportation and logistics sector to hijack physical freight. According to new research from Proofpoint, a financially motivated cluster of cybercriminals is actively exploiting digital systems used by freight brokers and trucking carriers. As a result, attackers are successfully stealing high-value shipments, ranging from electronics to consumer goods like energy drinks, and reselling them online or shipping them overseas.

As supply chains become more digitized, attackers are finding new ways to infiltrate operations. In this case, cybercriminals are leveraging Remote Monitoring and Management (RMM) software to gain unauthorized access to systems. Once inside, they can monitor operations, manipulate communications, and identify valuable cargo for theft. Consequently, these attacks are not only causing financial losses but also disrupting global supply chains.

To carry out these operations, attackers are primarily targeting load boards, which are digital marketplaces used to match freight brokers with carriers. Over the past several months, Proofpoint has tracked nearly two dozen campaigns involving thousands of malicious messages. Notably, these campaigns rely heavily on social engineering techniques to deceive victims.

First, attackers compromise legitimate load board accounts using stolen credentials. They then post fraudulent freight listings and wait for carriers to respond. Once engagement begins, they send malicious links disguised as legitimate communication.

Second, attackers hijack existing email threads between trusted partners. By inserting harmful links into ongoing conversations, they exploit the trust already established between brokers and carriers.

Third, they conduct broad phishing campaigns targeting transportation companies. By gaining access to a single logistics firm, attackers can identify high-value shipments and plan future thefts more effectively.

Once a victim clicks on a malicious link, the attack progresses quickly. Typically, the link downloads an executable or MSI file, which installs legitimate but misused RMM tools such as ScreenConnect, PDQ Connect, SimpleHelp, N-able, Fleetdeck, or LogMeIn Resolve. Although these tools are designed for remote IT management, attackers abuse them to gain persistent access and control over infected systems.

While Proofpoint has not attributed these campaigns to a specific threat group, the attackers demonstrate a sophisticated understanding of trucking operations and logistics software. Their ability to blend cyber intrusion with physical theft makes these attacks particularly dangerous.

To mitigate these risks, organizations must adopt a proactive cybersecurity strategy. For example, companies should restrict the installation of unauthorized software and allow only approved RMM tools within their networks. In addition, deploying advanced endpoint protection and network monitoring can help detect suspicious connections to external servers.
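As an added illustration (not Proofpoint's tooling or code from the original article), the following sketch audits a software inventory for the RMM products named above and flags installs that are either not on the approved list or were installed from a user-writable folder rather than through IT deployment. The inventory columns, host names, paths, name patterns and the approved list are all assumptions made for the example.

```python
import csv
import io
import re

# RMM products named in the article. The regexes match display names as they
# might appear in a software inventory; they are assumptions, not vendor IDs.
RMM_FAMILIES = {
    "ScreenConnect": r"screenconnect",
    "PDQ Connect": r"pdq\s*connect",
    "SimpleHelp": r"simplehelp",
    "N-able": r"\bn-able\b",
    "Fleetdeck": r"fleetdeck",
    "LogMeIn Resolve": r"logmein\s*resolve",
}
# Installer launched from a user-writable folder (a download, not IT deployment).
USER_WRITABLE = re.compile(r"\\(downloads|appdata|temp)\\", re.I)

# Constructed sample inventory export (hypothetical hosts, paths and columns).
SAMPLE_INVENTORY = r"""host,display_name,install_source
DISPATCH-01,ScreenConnect Client,C:\Users\jdoe\Downloads\installer.msi
DISPATCH-01,Microsoft Edge,C:\Program Files (x86)\Microsoft\EdgeUpdate\setup.exe
IT-ADMIN-02,PDQ Connect Agent,\\deploy01\packages\pdq.msi
DISPATCH-03,PDQ Connect Agent,C:\Users\mlee\Downloads\installer.exe
YARD-04,SimpleHelp Remote Access,C:\Program Files\SimpleHelp\setup.exe
BROKER-07,Fleetdeck Agent,C:\Users\asmith\AppData\Local\Temp\setup.exe
"""

def classify(display_name):
    for family, pattern in RMM_FAMILIES.items():
        if re.search(pattern, display_name, re.I):
            return family
    return None

def audit(inventory_csv, approved):
    """Flag RMM installs that are unapproved or were installed outside IT deployment."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        family = classify(row["display_name"])
        user_path = bool(USER_WRITABLE.search(row["install_source"]))
        if family is None or (family in approved and not user_path):
            continue  # not an RMM tool, or approved and deployed by IT
        reason = "unapproved" if family not in approved else "approved-but-user-installed"
        severity = "high" if user_path else "medium"
        findings.append((row["host"], family, reason, severity))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY, approved={"PDQ Connect"}):
        print(*finding, sep="\t")
```

The approved-but-user-installed case matters because the tools in these campaigns are legitimate products: a copy of an approved RMM tool installed from a download folder may still connect to a server the organization does not control.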

Furthermore, organizations should block executable attachments from unverified email sources, as these are commonly used to deliver malicious payloads. Equally important, employee training plays a critical role. Dispatchers and logistics staff must learn to recognize phishing attempts, especially those involving urgent freight deals or unfamiliar load board links.

Ultimately, as cyber and physical threats continue to converge, transportation companies must rethink their approach to security. By treating cybersecurity as a core component of freight protection, organizations can better defend against these evolving and costly attacks.
