Advanced remote access campaigns have been executed by threat actors compromising organizations in the logistics and trucking industry, according to The Record, a news site by cybersecurity firm Recorded Future.

Proofpoint researchers who intentionally downloaded an illicit payload used to breach a load board platform into a controlled decoy environment discovered that attackers subsequently installed half a dozen remote access tools, with the last of the four ConnectWise ScreenConnect instances including a script that enabled automated external certificate signing service queries. Adding the signing-as-a-service tool may have been necessitated by recent safeguards implemented by ScreenConnect, said researcher Ole Villadsen. Attacks against the cargo sector also entailed scanning for cryptocurrency wallets, PayPal credentials, load management and freight brokerage software, and other access points.

"They know the transportation industry really, really well for sure, and know how to target that particular space. But they're also cybercriminals, and they're looking for any way that they can monetize a workstation that they've landed on," noted Villadsen, who added that nearly a dozen threat operations have been setting their sights on North American and European cargo and shipping firms.