- Hackers create phishing attacks for logistics companies
- They then gain access and redirect shipments to new destinations
- Real organized criminal gangs are waiting to steal the diverted cargo
It seems like the obvious evolution of crime in an increasingly online world – but cybercriminals and offline gangs generally stick to their specialties, given that they require completely different skills.
But reports from ProofPoint have now emerged about new attacks where cybercriminals are working together with traditional real-world OCGs to combine their efforts – primarily targeting freight brokers and trucking companies.
The attacks are seriously sophisticated, as hackers start by emailing malicious links to freight organizations, before then deploying remote monitoring and management tools (RMMs) – which allow them to divert trucks or impersonate legitimate cargo.
New age highway robbers
The use of social engineering directly targets freight brokerage firms and logistics companies along the supply chain, allowing criminals to identify high-value shipments and gain access to information about other related organizations and freight.
Attackers were observed deleting booking emails and blocking messages from the sender, pretending to be the targeted company and talking directly to truck drivers – which seemed completely legitimate.
The trucks are then diverted to fraudulent collection points where the goods are stolen by the organized crime groups.
Although the researchers do not suggest that any incidents of violence have occurred, the physical theft from OCGs suggests that there is certainly a risk of harm to an unsuspecting driver if the goods are hijacked.
Cargo theft has been a problem for centuries, so it’s no surprise that criminals are evolving the old highway robbery tactic to fit the modern age.
Cargo theft costs around $34 billion in losses annually, statistics estimate, but the digitization of supply chains worldwide is leaving cargo exposed in a new way that threatens to dramatically increase the number of attacks.
The best protection against identity theft for all budgets
