"Reminiscent of the decades-old criminal campaigns targeting train carriages and other shipping methods, researchers at Proofpoint say criminals are not only seeking to disrupt supply chains with cyberattacks, but to profit from the goods in transit, too. Proofpoint's threat research team, including Ole Villadsen and Selena Larson, has attributed nearly two dozen recent campaigns with high confidence to cybercriminals infecting US logistics companies with remote monitoring and management (RMM) tools, likely working with organized crime groups to collect and sell the stolen goods."
"Cybercriminals are targeting accounts associated with these broker load boards, and once they gain access here, they post a fake load that attracts bids from unwitting cargo haulers. In response to the bidding businesses, the attackers embed links that lead to malicious installations of legitimate RMM apps such as N-able, ScreenConnect, SimpleHelp, and more. They scan for credentials on the victim company's network after establishing initial access to their systems, allowing them to successfully bid on genuine freight advertisements."
Cybercriminals are infecting logistics companies' systems with remote monitoring and management (RMM) tools to enable stealings of cargo in transit. Attacks begin by compromising broker load board accounts and posting fake loads that attract bids from legitimate carriers. Attackers embed links leading to malicious installations of legitimate RMM apps, then scan networks for credentials to bid on genuine freight. After securing shipment details, attackers intercept communications, impersonate brokers or carriers, and redirect cargo to controlled addresses. On-the-ground organized crime groups then physically seize misdirected shipments, which are subsequently sold for profit.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]