A sophisticated and escalating cybercrime operation is targeting the logistics and transportation sector, specifically trucking carriers and freight brokers, to hijack valuable cargo shipments. According to new research from Proofpoint Inc., these cybercriminals are working closely with organized crime syndicates to execute cargo thefts, injecting remote access tools into company networks with the ultimate aim of diverting and stealing freight. The stolen goods, which can range from electronics to high-demand food and beverages like energy drinks, are then often liquidated through online sales or routed overseas. This method represents a significant and multi-faceted supply chain threat, affecting every step from port operations to consumer delivery and potentially inflicting billions in losses on companies and escalating costs for end-users.
The financial impact of these technologically enabled heists is substantial and rapidly increasing, with organizations like the National Insurance Crime Bureau estimating that cargo theft already accounts for annual losses of $35 billion. Industry data suggests this problem is worsening, with cargo theft losses rising by 27% in 2024 and projected to climb another 22% in 2025. Cybersecurity analysts first began tracking this specific type of cyberattack against cargo companies in 2024 and have since identified evidence pointing to at least three distinct criminal groups actively employing these methods. In the span of just two months, researchers have already documented nearly two dozen separate campaigns, underscoring the rapid adoption and deployment of this lucrative crime model, which one expert described as a complex “constellation of different threat groups” that is challenging for law enforcement and businesses to tackle collectively.
The success of these cyber-enabled heists hinges on the attackers’ ability to employ social engineering tactics combined with a deep, insider-like understanding of logistics industry operations. The criminals specifically exploit supply chain technology designed for efficiency, particularly load boards—online marketplaces used for booking carriers. A key tactic involves the hackers compromising these boards and posting fraudulent loads. When a legitimate carrier responds to the fake posting, the attackers send a follow-up email, which appears to be from a trusted broker confirming the load details, complete with a malicious link disguised as an “online setup packet.” This deceptive process grants them the necessary network access to facilitate the theft.
A significant factor contributing to the success of this scheme is the high-demand, high-urgency nature of the shipping industry. Dispatchers and carriers are often under intense pressure to quickly secure new loads, leading them to act hastily, frequently without taking the time to fully vet the communication. As researchers noted, carriers “jump on new loads like flies to soup” and are often willing to “throw caution to the wind” to secure the freight, making them particularly vulnerable to clicking a link that appears to be from a trusted broker. This sense of urgency is deliberately leveraged by the hackers, whose targets include commodities like food and beverages, with energy drinks being a frequent target due to high demand and restricted availability in certain overseas markets.
While the specific incidents detailed in the research focus on cargo theft within North America, experts stress that this security issue is a global phenomenon. The complete criminal ecosystem enabling these attacks represents a powerful and effective “marriage of cybercrime and organized crime,” where technological sophistication meets established criminal networks. Though the exact location of the hackers remains unclear, there are indications pointing towards their possible origins in Russia or Eastern Europe. Combating this pervasive problem necessitates a comprehensive and coordinated effort involving law enforcement, businesses, and end-users to identify and collectively tackle the systemic vulnerabilities that these highly adaptive threat groups continue to exploit.