Cybercriminals are increasingly targeting companies in the transport and logistics sector by misusing management tools to steal physical goods.
According to a recent report by Proofpoint, transporters and freight agents are recruited via seemingly trustworthy invitations, after which Remote Monitoring and Management (RMM) tools are installed on the organisation’s systems.
According to the researchers, the process often begins with a compromised account on a freight placement platform or a hijacked carrier email account. The attack is launched as soon as, for example, a carrier responds to a fake freight offer: the attacker sends a malicious link or file that installs an RMM tool. With that access, the criminal can pose as a trusted party, change bookings, block notifications, and even use planners’ phones to communicate directly with brokers.
The use of this type of tooling is striking. In the cases analyzed, software packages such as ScreenConnect, SimpleHelp, PDQ Connect, Fleetdeck, N-able, and LogMeIn Resolve were used. Proofpoint has determined with a high degree of certainty that organized crime is involved in this chain of attacks, aimed at stealing and then reselling or exporting goods.
Logistics: an attractive target
The logistics sector is an attractive target due to the physical value of cargo and the complex chain of parties involved. According to the report, cargo theft in the US, for example, resulted in an estimated annual loss of USD 34 billion. Once the attacker has gained access, they conduct network and system reconnaissance, collect login credentials, and can thus penetrate further into the victim’s infrastructure.
Although many of the identified campaigns target North America, the researchers note that the phenomenon occurs worldwide, with incidents in Brazil, Mexico, India, Germany, Chile, and South Africa, among others.
To prevent these types of attacks, Proofpoint advises companies in the sector to strictly regulate the installation of external management tools, monitor suspicious network activity, and actively block executable email attachments (.exe, .msi).
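The two controls above, sketched as an added example that is not taken from the Proofpoint report: an audit of a software inventory for the RMM products named earlier that are not on an approved list, and a check of inbound mail for .exe and .msi attachments. The hostnames, display names, sample message and the assumption that inventory display names contain the product name are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# RMM products named in the report summarised above.
RMM_PRODUCTS = ("ScreenConnect", "SimpleHelp", "PDQ Connect",
                "Fleetdeck", "N-able", "LogMeIn Resolve")
BLOCKED_EXTENSIONS = (".exe", ".msi")

def unapproved_rmm(inventory, approved):
    """Return (host, product) for each listed RMM product found on a host
    but missing from the organisation's approved set."""
    approved = {name.lower() for name in approved}
    findings = []
    for host, display_name in inventory:
        for product in RMM_PRODUCTS:
            if product.lower() in display_name.lower() and product.lower() not in approved:
                findings.append((host, product))
    return findings

def blocked_attachments(raw_message):
    """Return attachment names that end in a blocked extension."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        # Windows drops trailing dots and spaces, so "x.exe." is saved as x.exe.
        name = (part.get_filename() or "").rstrip(". ")
        if name.lower().endswith(BLOCKED_EXTENSIONS):
            hits.append(name)
    return hits

# Constructed sample data: hostnames, display names and the message are invented.
SAMPLE_INVENTORY = [
    ("DISPATCH-01", "ScreenConnect Client (constructed)"),
    ("DISPATCH-02", "PDQ Connect Agent"),
    ("ACCOUNTS-03", "Example PDF Reader"),
]

def sample_message():
    msg = EmailMessage()
    msg["Subject"] = "Load offer (constructed sample)"
    msg.set_content("Please open the attached rate confirmation.")
    for filename in ("rate_confirmation.pdf.MSI", "carrier_packet.exe.", "load_sheet.pdf"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(unapproved_rmm(SAMPLE_INVENTORY, {"PDQ Connect"}))
    print(blocked_attachments(sample_message()))
```

An approved RMM product still deserves review when it appears on a host that the IT team did not enrol, so the approved set is best kept per team or per host group rather than organisation-wide.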
For logistics companies, this means that the line between cybersecurity and physical security is becoming increasingly blurred: it is no longer just about protecting data, but about preventing the actual theft of goods. In this sense, the digitization of the supply chain has become a challenge that weighs more heavily than mere efficiency gains.