������ý

(Tero Vesalainen/Getty Images)

[Stay on top of transportation news: .]

Hackers are infiltrating trucking and freight companies in a scheme to steal and sell cargo shipments, a growing campaign that could end up costing companies and consumers billions of dollars, according to new cybersecurity research.

Sunnyvale, Calif.-based Proofpoint Inc. said it has “high confidence” that the hackers are working with organized crime groups to pull off the cargo thefts. The attackers are particularly targeting trucking carriers and freight brokers, seeking to infect their computer networks with tools that provide remote access, with the ultimate goal of hijacking cargo, according to the��research.

The stolen cargo is likely sold online or shipped overseas, according to the report.

“It has this sort of ripple effect across the entire ecosystem, from the ships that deliver them to the ports, that get picked up by the truckers, that get sent to businesses, and then ultimately onto consumers,” Proofpoint senior threat intelligence analyst Selena Larson said, highlighting that these types of cyberattacks have impacts far beyond just the companies that are compromised. “It is a full-scale supply chain threat.”

Such crimes can create massive disruptions to supply chains and cost companies billions, with criminals stealing everything from energy drinks to electronics. Cargo theft losses increased by 27% in 2024 and are predicted to rise another 22% in 2025,��according��to the National Insurance Crime Bureau, which estimates that cargo theft amounts to $35 billion in annual losses.

Larson and threat researcher Ole Villadsen, co-author of the report, first noticed a criminal group carrying out cyberattacks on cargo companies in 2024, and they have since found evidence of at least three distinct groups using such methods. In the last two months, the researchers have observed nearly two dozen campaigns.

Image

Guy Fieri's Santo Tequila company was hit by a double brokering scam last year.��
(Amy Harris/Invision/Associated Press)��

“It’s kind of like a constellation of different threat groups,” Larson said, adding that the cybercrime-enabled heists can be lucrative and challenging to combat. “It really requires a lot of effort on law enforcement, on businesses, on the end user to sort of say, ‘OK, this is where we’re seeing all these things, and here’s how we can tackle this problem as a collective.’”

The cyber-enabled heists rely on social engineering and a knowledge of how the industry works, allowing hackers successfully pass as insiders, according to Proofpoint. The criminals look to exploit supply chain technology intended to move cargo more efficiently.

One tactic the groups use is compromising load boards, marketplaces that facilitate bookings for carriers. When a carrier responds to the posting, the hackers send an email containing a malicious link that installs remote access software on the carrier company’s systems. Remote access software is often a legitimate tool that businesses can use for such things as troubleshooting their own systems, the researchers said.

On Oct. 7, hackers sent an email to a carrier company that had responded to a fraudulent load post from a broker company, according to the report. The email claimed the carrier was “ready to go,” with a pickup and drop off window and load weight. The email linked to an “online setup packet,” which was a malicious link.

Demand is high for shipping loads, and so carriers will jump on new loads “like flies to soup,” ��Villadsen said. The problem is that carriers are�� fast in order to secure the load, and so they may not think twice about clicking on the link, especially since it looks like it’s being sent from a trusted broker.

“There’s a huge sense of urgency to get loads, and dispatchers — the ones who are usually trying to get the loads for the companies — they’re willing to throw caution to the wind if it means they might be able to get a load,” Villadsen said.

The most targeted commodities are food and beverages, according to the report. Larson said energy drinks are often stolen and shipped overseas because some of them are banned or restricted outside the U.S.��

While the attacks that the researchers discuss in their report relate to North American cargo theft, they say this is a global problem. It’s not exactly clear where the hackers are operating from, but Villadsen said there are indications they could be located in Russia or Eastern Europe.

The entire criminal chain of these cargo attacks represents a “marriage of cybercrime and organized crime,” Villadsen said.