Hackers are breaking into trucking and freight company networks in an effort to steal and sellĀ cargo, a new study has found. TheĀ heists are part of a growing campaign tied to organized crime groups that could cost companies and consumers billions of dollars.
Researchers say the criminals are targeting trucking carriers and freight brokers, using fake load board listings and phishing emails to gain access to company systems. Once inside, they install remote access software that lets them bid on legitimate shipments and reroute them for theft. The stolen goods are often sold online or shipped overseas.
Proofpoint, the cybersecurity firm behind the report, said it has āhigh confidenceā that these attacks are coordinated with organized crime groups.
āIt has this sort of ripple effect across the entire ecosystem, from the ships that deliver them to the ports, that get picked up by the truckers, that get sent to businesses, and then ultimately onto consumers,ā said Selena Larson, Senior Threat Intelligence Analyst at Proofpoint. āIt is a full-scale supply chain threat.ā
Ā
Old crimes, new tools
Cargo theft has long been a problem, but digital transformation has given criminals new ways to pull it off. Proofpoint says hackers are using remote monitoring and management (RMM) tools such as ScreenConnect, SimpleHelp, and PDQ Connect to take over company systems. Because these programs are legitimate business tools, attackers can install them without raising suspicion.
Researchers have observed nearly two dozen of these cyber-enabled cargo theft campaigns since August. The attacks range from small family-owned carriers to large logistics firms.
Why carriers are easy targets
āThe demand for loads is high, and carriers jump on opportunities quickly,ā said Proofpoint threat researcher Ole Villadsen. āThereās a huge sense of urgency to get loads, and dispatchers are willing to throw caution to the wind if it means they might be able to get a load.ā
That speed makes carriers vulnerable to phishing emails and fake load listings. One tactic described in the report involves compromised load boards, in whichĀ hackers pose as brokers to send malicious links to carriers eager to get new business. Clicking the link installs remote access software, giving hackers control of the system.
A global and growing threat
While most attacks have occurred in North America, Proofpoint says cargo theft is a global issue, with locations such asĀ Brazil, Mexico, India, Germany, and South Africa attractive to criminals. The most frequently stolen items are food and beverages, including energy drinks, which are often resold in overseas markets.
The National Insurance Crime Bureau estimates that cargo theft leads to $34 billion in annual losses. Theft increased by 27% in 2024 and is expected to rise by another 22% this year.
Proofpoint recommends that trucking and logistics companies restrict the use of unapproved RMM tools, monitor network activity, and train employees to spot suspicious links or attachments. The company says cyber-enabled cargo theft will likely continue to rise unless businesses tighten their defenses.
