Overview
- Proofpoint reports nearly two dozen recent campaigns targeting freight brokers and trucking carriers, with some email runs reaching about 1,000 messages.
- Intrusions begin through social engineering using compromised load-board accounts, hijacked email threads, and direct phishing of carriers and brokers.
- Attackers deliver signed .exe or .msi installers that deploy remote monitoring and access tools such as ScreenConnect, SimpleHelp, PDQ Connect, Fleetdeck, N-able, and LogMeIn Resolve.
- Once inside, actors conduct reconnaissance, harvest credentials, alter or delete bookings, block dispatcher alerts, add devices to phone extensions, and rebook loads to enable physical theft.
- Activity is concentrated in North America, with related operations noted in Brazil, Mexico, India, Germany, Chile, and South Africa.
- Industry losses from cargo theft total roughly $34–35 billion annually.
- Recommended defenses include restricting unapproved RMMs and blocking executable attachments.
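
The two recommended defenses, restricting unapproved RMMs and blocking executable attachments, as an added example that is not taken from Proofpoint's report: it audits a software inventory for the RMM products named above and flags `.exe`/`.msi` attachment names. The host names, product display names, message ids and the approved list are constructed assumptions.

```python
import re

# RMM products named in the overview above.
REPORTED_RMMS = ["ScreenConnect", "SimpleHelp", "PDQ Connect",
                 "Fleetdeck", "N-able", "LogMeIn Resolve"]
BLOCKED_EXTENSIONS = (".exe", ".msi")  # installer types named in the overview

def _pattern(name):
    # Match the product name as whole words, tolerating spaces, dots or
    # hyphens between its parts ("PDQ Connect", "PDQ-Connect", "PDQConnect").
    parts = re.findall(r"[a-z0-9]+", name.lower())
    return re.compile(r"\b" + r"[\W_]*".join(parts) + r"\b", re.IGNORECASE)

def unapproved_rmms(inventory, approved):
    """Return (host, rmm) for each installed reported RMM not in `approved`."""
    watch = [(r, _pattern(r)) for r in REPORTED_RMMS if r not in approved]
    return [(host, rmm) for host, product in inventory
            for rmm, pat in watch if pat.search(product)]

def blocked_attachments(messages):
    """Return (message_id, filename) where the final extension is blocked."""
    hits = []
    for msg_id, filenames in messages:
        for name in filenames:
            # Windows drops trailing dots and spaces, so "a.exe. " still runs.
            cleaned = name.strip().rstrip(". ").lower()
            if cleaned.endswith(BLOCKED_EXTENSIONS):
                hits.append((msg_id, name))
    return hits

# Constructed sample data: host names, display names and message ids are made up.
APPROVED = {"PDQ Connect"}  # assumption: the one RMM IT has sanctioned
INVENTORY = [
    ("dispatch-01", "ScreenConnect Client (constructed)"),
    ("dispatch-02", "PDQ-Connect Agent"),
    ("acct-01", "Scannable Label Printer Driver"),  # must not match "N-able"
    ("dispatch-03", "N-able agent (constructed)"),
]
MESSAGES = [
    ("msg-1", ["rate_confirmation.pdf"]),
    ("msg-2", ["load_agreement.pdf.exe"]),   # double extension
    ("msg-3", ["Setup.MSI "]),               # case and trailing space
    ("msg-4", ["notes.exe.txt"]),            # final extension is .txt
]

if __name__ == "__main__":
    print(unapproved_rmms(INVENTORY, APPROVED))
    print(blocked_attachments(MESSAGES))
```

Name matching alone misses renamed installers, so an inventory hit list like this works best alongside application control that enforces the approved list.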