Why Weak Cybersecurity Leaves Your Freight Vulnerable to Cargo Thieves

Marli Hall - September 25, 2024

High-value cargo theft has jeopardized the livelihoods of supply chain businesses for decades. Shippers entrust brokers and carriers with safely moving their shipments from point A to B. All it takes is one costly incident for a transportation business to lose its reputation. 

Today, cargo thieves are out for high returns, conducting their crimes at an alarming frequency. CargoNet reported that during Q1 of 2024, on average, a stolen shipment was worth $281,757. During the same quarter, the number of cargo thefts rose by 46% over Q1 2023, which was also a 10% increase compared to Q4 2023. 

Although the numbers decreased 10% in Q2 2024 from Q1 2024’s high, Q2 2024 still exhibited a 33% year-over-year increase in stolen cargo incidents, CargoNet revealed. This continues the longer-term upward trend, with 771 reported incidents in Q2 of 2024.

Thieves have evolved from the days of breaking into parked trailers. They use sophisticated digital tactics to target shipments, deceive their victims, and re-route freight. This offers bad actors ample opportunities to uncover sensitive information, which often lives in unsecured places in their software, email correspondence, or electronic load documents.

“Most of these attacks are facilitated through the lack of good cybersecurity practices, or even basic cybersecurity practices in some cases,” said Artie Crawford, CISSP, CISM director of cybersecurity for the National Motor Freight Traffic Association Inc. (NMFTA)™ .

Like locking one’s doors and windows can deter a burglar who will then look for an easier target, implementing basic cybersecurity can go a long way toward preventing attacks from bad actors. 

While often, companies are targeted by unseen and unknown criminals, Transport Topics found that 21% of incidents actually involve insiders of an organization. This could be a current or terminated employee looking to exploit their position or do harm.

Multi-factor authentication (MFA), credential management, patch management, and, of course, staff education are some foundational protections every business could employ to improve their cybersecurity. Criminals commonly prey on a business’s weak network security, such as outdated software or weak passwords, to access operating systems. From there, they can find financial information, hold a company’s data for ransom, or—in the case of a transportation business—steal freight. 

Addressing vulnerabilities in internal operating systems and software the company uses is critical, but criminals may also try to gain access to company data by simply tricking employees.

“You have business email compromise, leading to impersonation scams,” said Ben Wilkens, CISSP, CISM cybersecurity principal engineer for NMFTA. “You have phishing and social engineering that leads to credential theft and access into a broker, a shipper, or a carrier’s systems. You have website poisoning and lookalike domains.”

Phishing, the most common cyberattack, was once easily recognizable. It was characterized by poor grammar and spelling from unfamiliar senders. Now, it’s become harder to spot, as criminals tailor their emails or text messages using industry-specific terms, names of C-level executives, or lookalike domain names to fool victims into thinking they are legitimate.

Last year, such cyberattacks hit close to home when bad actors posed as a popular load board in a phishing attack. Users received emails with lookalike sites linked as the landing page, and once clicked the bad actor could steal their credentials and post fake loads onto their accounts.

Carriers also run the risk of falling for impersonation scams, which can sometimes be elaborate. Scammers could modify Federal Motor Carrier Safety Administration (FMCSA) account details to masquerade as a legitimate carrier for months, building trust with a shipper or broker only to strike at the opportune moment and hit high-value shipments.

Bad actors could even simply modify a paper bill of lading, using tools to make it appear legitimate.

“Using digital tools like a PDF editor, thieves can scan and edit bills of lading of loads in transit, then reprint and cover up missing cargo from delivery and facilitate undetected pilfering and short-delivery,” Wilkens explained.

Another common scheme involves criminals searching load boards for high-value freight and repeatedly calling a broker posing as a carrier (or multiple carriers), often backed up by stolen carrier identities gained through a cyberattack. By breaking the broker down with repeated calls, they can win the load. From here the freight is either resold to an unsuspecting legitimate carrier by the same criminal now posing as a broker or loaded directly onto the criminal’s own asset. The freight is then taken to a cross-dock location where the laundering process starts.

Luckily, while criminals have adopted more advanced methods, carriers don’t have to be caught off guard by them.

“The tools that are being used to facilitate these kinds of actions are the same tools that we can use to defend ourselves,” Wilkens said.

This means implementing good cybersecurity practices and taking advantage of the resources on the market to add another layer of protection against cargo theft. For example, fleets can install door sensors, which allows them to know if a door has been opened in a location where there wasn’t a scheduled stop.

“Everyone protects their vehicles with insurance – basic cybersecurity can provide a level of protection for your entire company,” Crawford said.

Starting conversations with peers in the industry about how breaches have occurred or been prevented can build awareness and empower businesses to make changes in their own cybersecurity.

“I think that even though criminal organizations are increasing in their sophistication and scale, so too are the people on the defensive in our industry, and I think that as we have more and more conversations and raise more awareness of the risks and what to do about them, to lower that threat, I think we can start turning the trend around,” Wilkens said.

The conversation around cargo theft and other cybersecurity topics will continue at NMFTA’s Cybersecurity Conference, which will take place from October 27 to 29 in Cleveland, OH. Learn more and register at www.nmftacyber.com.

Marli Hall
Marli Hall