How crooks use IT to enable cargo theft

Value of stolen shipments has doubled: It’s hard to determine the size of this IT-related cargo theft problem. The US National Insurance Crime Bureau estimates cargo theft losses from all sources increased 27% last year compared to 2023, to $35 billion.

Verisk CargoNet, a company that tracks physical supply chain crime for law enforcement agencies, insurance companies, and distributors in the US and Canada, estimated in its Q3 report that the most recent quarterly losses due to theft were more than $111 million from 772 cargo theft events. Because there isn’t mandatory reporting of thefts, the true number would be larger.

About 40% of that $111 million total could be IT-enabled fraud, said Keith Lewis, Verisk CargoNet’s vice president of operations. That includes phishing, smishing, stealing of internet domains, spoofing, buying legitimate companies to abuse their names and more.

Hacking ERP systems to redirect freight isn’t happening yet, he added.

The average stolen shipment value doubled to $336,787, up from $168,448 in Q3 2024, “clear evidence that cargo thieves are becoming more strategic in selecting targets,” the Verisk CargoNet report says.

“Organized crime groups are in a transitional phase, adapting to anti-fraud tools deployed across the logistics industry,” the report adds.

Once criminals know where trucks are going, the most common locations for cargo theft are truck stops and parking lots, distribution centers and warehouses, ports and rail yards, highways and rest areas, it said.

‘Classic phishing’: Robert Beggs, head of Canadian incident response firm DigitalDefence, calls the Proofpoint report a description of “a classic phishing scheme, but one that is particularly successful due to the nature of logistics operations.”

Although this is a new variant of previous campaigns, those attacks have also been successful because trucking is a round-the-clock operation that is largely remote, he said, so endpoints may not always have connectivity and facilities in place to ensure trust. The risk is increased because this is an industry that is time-sensitive, he pointed out. A trucker with a load has to obtain approval to move, ensure papers are in order, and have sufficient cash on hand to meet immediate demands. “Together, these factors are tailor-made to support social engineering attacks,” he said.

Trucking may appear to be a low-tech industry, Beggs noted, because generally it avoids strong cybersecurity controls. However, its operations demand that such controls exist, especially when it comes to advancing funds or controlling information about high-value loads. At a minimum, firms in this sector must use multi-factor authentication for logins and ensure access to critical systems is monitored for proper use and the presence of any anomalies. Some companies use code words or expressions in messages to identify critical loads for an extra level of privacy, he added.

“Truckers have always been perceived to be a weak link, especially due to their limited practice of cybersecurity,” Beggs said. However, they are a critical part of any nation’s infrastructure and will likely continue to be targeted by social engineering and other attack types.

Vulnerable TMS systems: Danielle Spinelli, a former transportation broker and now account executive at Descartes Systems Group, which sells broker, transportation management, and ecommerce solutions, often speaks to the industry on cybersecurity and cargo theft.

She said one problem is the large number of ‘fly-by-night’ TMS (transportation management systems) that can easily be hacked. TMS providers have customer and truck load information that crooks want. Another point of vulnerability, she added, is poorly secured ELD (electronic log device) providers that can be hacked or provide an entry point to TMS systems. ELDs are devices in trucks that automatically record a driver’s driving time, duty status, and other information.

At greatest risk are one- or two-person cargo hauling firms who do business through free email accounts, Spinelli added.

The US Federal Motor Carrier Safety Administration (FMCSA) is implementing anti-fraud initiatives that IT departments can leverage, she said. That includes requiring new commercial driver applicants to match their government documents with a facial scan. She also recommends logistics companies use technology platforms that combine FMCSA authority data with historical tracking performance, vehicle identification number verification, geo-location, and insurance validation before a truck is dispatched.

The problem of cargo theft is increasingly getting the attention of the C-suite, said Verisk CargoNet’s Lewis. They are now pushing for their security departments to hire IT people who have the same skills as those who work for financial institutions for tracing fraud and theft.

As for the future, he worries that crooks will make increasing use of AI to enable their cyber attacks.

Need for Cybersecurity 101: The industry is adopting technology solutions to combat cargo theft; for example, CargoNet just launched RouteScore API, which uses an algorithm to create a cargo theft route risk score for the US and Canada.

But what’s also needed is Cybersecurity 101. Spinelli of Descartes says the first thing IT and infosec leaders should do is increase employee security awareness training about how to recognize phishing attacks and the need to resist the urge to click on every attachment. They should require admins and users of logistics-related applications to reset their admin and user passwords every three to six months. And companies should make sure there are good off-boarding procedures to cancel IT access when an employee leaves the firm.

Proofpoint urges firms in the cargo transportation sector to:
- restrict the download and installation of any RMM tooling that is not approved and confirmed by an organization’s information technology administrators;
- have network detections in place, including using the Emerging Threats ruleset, and use endpoint protection. This can alert on any network activity to RMM servers;
- not allow employees to download and install executable files (.exe or .msi) from email or texts from external senders;
- train employees to identify and report suspicious activity to their security teams. This training can easily be integrated into an existing user training program.
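
An added example, not from the article or from Proofpoint: a minimal mail-gateway check for the recommendation on .exe and .msi files from external senders, which also inspects file signatures so that a renamed installer is still caught. The domain `carrier.example`, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

INTERNAL_DOMAINS = {"carrier.example"}   # assumption: the organisation's own mail domains
BLOCKED_EXTENSIONS = (".exe", ".msi")    # the two file types named in the guidance
MAGIC = {b"MZ": "PE executable",
         bytes.fromhex("d0cf11e0a1b11ae1"): "OLE container (MSI)"}

def is_external(msg):
    """True when the From: domain is not ours (a missing From: counts as external).
    Assumes SPF/DKIM/DMARC were already enforced upstream, since From: can be forged."""
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return domain not in INTERNAL_DOMAINS

def blocked_attachments(raw_bytes):
    """Return [(filename, reason)] for attachments that should be quarantined."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    if not is_external(msg):
        return []
    hits = []
    for part in msg.iter_attachments():
        # Windows ignores trailing dots and spaces, so strip them before matching.
        name = (part.get_filename() or "").lower().rstrip(". ")
        data = part.get_payload(decode=True) or b""
        if name.endswith(BLOCKED_EXTENSIONS):
            hits.append((name, "blocked extension"))
            continue
        # A renamed installer keeps its file signature, so check the first bytes too.
        for magic, kind in MAGIC.items():
            if data.startswith(magic):
                hits.append((name, "content is " + kind))
                break
    return hits

def sample(sender, filename, payload):
    """Build a constructed test message (not real traffic)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "dispatch@carrier.example", "Load details"
    m.set_content("Please see the attached load details.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for args in [("broker@freight.example", "load_details.pdf.exe", b"MZ\x90\x00"),
                 ("broker@freight.example", "load_details.pdf", b"MZ\x90\x00"),
                 ("it@carrier.example", "agent.msi", bytes.fromhex("d0cf11e0a1b11ae1"))]:
        print(args[1], "->", blocked_attachments(sample(*args)))
```
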

First seen on csoonline.com

Jump to article: www.csoonline.com/article/4084523/how-crooks-use-it-to-enable-cargo-theft.html
