215/69 Tuesday, April 21, 2026
Researchers from Proofpoint have revealed that cybercriminal groups are increasingly targeting transportation and logistics companies to gain access to internal systems, enabling cargo theft and payment diversion. These attacks are often linked to organized crime and reflect a growing trend known as “cyber-enabled cargo theft,” where digital intrusions directly support real-world criminal activity. In North America alone, losses from such incidents reached approximately $6.6 billion in 2025.
The attack chain typically begins with the compromise of logistics platforms, such as load boards, followed by phishing emails sent to freight operators. These emails often contain malicious attachments that install remote monitoring and management (RMM) tools like ScreenConnect, Pulseway, or SimpleHelp, allowing attackers to maintain persistent access. Advanced techniques such as “signing-as-a-service” are used to evade detection, while attackers collect sensitive data including financial account details, browser activity, and logistics system information—later used for fraud and cargo theft operations.
Post-compromise activity shows that attackers focus on long-term persistence, surveillance, and deep data exfiltration to prepare for follow-on attacks, such as taking control of payment systems or rerouting shipments. Experts recommend that logistics organizations closely monitor for unauthorized use of remote access tools, investigate unusual PowerShell activity, and track suspicious behavior related to financial platforms to reduce the risk of both digital and physical losses.