Cyber-attacks on trucking

Cyber-attacks on trucking

What they are and how to prepare.

Over the past few years, the trucking industry has become a significant and growing target for digital hackers. It can take businesses 252 days to even identify a cyber-attack during which time the attacker is in the background on your computer or communication system.

Beware: the trucking industry is particularly attractive to cybercriminals because of supply chain pressures and restricted capacities. Most trucking businesses lack the cyber-IT personnel to monitor and block attacks on core computer systems, communication devices and electronic logging devices (ELD). Fact: Trucks large and small are now electronically connected, allowing opportunities for hacking an onboard computer, infiltrate corporate systems, or even shut down a truck completely. Trucks are mobile computers housing vast amounts of at-risk data.

Fleets: According to a Deloitte Center for Controllership poll. “During the past 12 months, 34.5% of polled executives report that their organization’s had a system security breach or hack.

Phishing is still the preferred method of hackers in 2023

Phishing is a computer hacking technique that invades your valuable data and systems to cause disruption and the possibility of the loss of all ability for you to operate. It’s easy to become fooled by a targeted phish, especially when it appears to be coming as a personal email from an employee, management or even from a bank or website you visit. Maybe even from dispatch or operations.

Paradoxically tech advances have made it easier for hackers to phish. They use off – the shelf, very available, digital graphics, apply social engineering data, and a vast array of phishing tools, including AI. Phishing is sometimes accompanied by ransomware, a tactic for hackers targeting leadership at companies or organizations (spear-phishing). In presenting this way hackers have better access to your valuable scheduling and operational data, creating ready yet poorly trained targets. The trucking industry is especially venerable to these attacks, threatening to cripple supply chains.

According to Lookout Cloud Security … the highest rate of mobile phishing in history was observed in 2022, with half of the mobile phone owners worldwide exposed to a phishing attack every quarter! The Lookout report was based on data analytics from over 210 million devices, 175 million apps, and four million URLs daily. It noted “non-email-based phishing attacks are prolific with vishing (voice phishing), smishing (SMS phishing), and quishing (QR code phishing) increasing sevenfold in the second quarter of 2022.” The damage can be catastrophic for trucking businesses that fall victim to mobile phishing attacks.

Lookout calculated that the potential annual financial impact of mobile phishing to an organization of 5000 employees is nearly $4m USD

Warning: Mobile devices in your truck are always at risk of cyber-attacks.

  • In 2022, 76% of organizations were targeted by a ransomware attack, out of which 64% were actually infected. 
  • Only 50% of these organizations managed to retrieve their data after paying the ransom. 
  • 66% of respondents reported having had multiple, isolated infections. 
  • New cyberattack tactics rise, as ransomware payouts increase.

Train-up to become savvy. 

Trucking companies must ensure enterprise systems, personal devices, proprietary software are run according to policy and check current System Updates to plug any potential vulnerabilities. Enterprise devices should be overseen by experienced data managers with cyber security training. Here are a few guiding questions to assist in identifying a threat. Your answers will provide an indication to conduct more research before trusting.

Take time each time…

When viewing all incoming content review the following Q’s…

  • Does it provoke an emotional response?
  • Does it make a bold statement on a controversial issue?
  • Is it an extraordinary claim?
  • Does it contain clickbait?
  • Does it have topical information that is within context?
  • Does it use small pieces of valid information that are exaggerated or distorted?
  • Has it spread virally on unvetted or loosely vetted platforms?
  • Does the message channel match the owner’s URL?

While cybersecurity capabilities and awareness seem to be improving, unfortunately the threat and sophistication of cyber-attacks are matching that progress. The Federal Government said last fall “The Canadian Centre for Cyber Security (Cyber Centre) has released its National Cyber Threat Assessment 2023-2024, alerting that state sponsored and financially motivated cyber threats are increasingly likely to affect Canadians, and that foreign threat actors are attempting to influence Canadians through use of misinformation, disinformation and malinformation in online spaces.

Important point-outs >

  • Ransomware is an ongoing threat to Canadian trucking organizations. Cybercrime continues to be the cyber threat activity most likely to affect Canadians and Canadian organizations. Due to its impact on a trucking company’s ability to function, ransomware is almost certainly the most disruptive form of cybercrime facing this industry. Cybercriminals deploying ransomware have evolved in a growing and sophisticated cybercrime ecosystem and will continue to adapt to maximize gains.
  • Cybercriminals are increasingly targeting critical infrastructure because downtime can be harmful to trucking and the customers served. State-sponsored actors also target critical infrastructure for various reasons such as collecting information through espionage, pre-positioning in case of future hostilities, and as a form of power projection and intimidation. 
  • Disruptive technologies are innovations that significantly alter the way that consumers, industries, or businesses operate. They sweep away your systems and replace them with the system that sees as recognizably superior attributes. 
  • Digital assets such as cryptocurrencies and decentralized finance are both targets and tools for cyber threat actors to enable malicious cyber threat activity. Machine learning has become commonplace in consumer services and data analysis, but cyber threat actors can deceive and exploit this technology. 
  • Quantum computing is a rapidly emerging technology that harnesses the laws of quantum mechanics to solve problems too complex for classical computers. It has the potential to threaten our current systems of maintaining trust and confidentiality online. 

Cyber prevention tools

  • Use a cloud storage service to ensure security. With timely Updates and expert supervision, you can feel the front line is solid.
  • According to a report put out by the Canadian Trucking Alliance, cybercrime is a growing threat in the trucking industry, and small- and mid-sized businesses could face the biggest risks. Transportation and transportation infrastructure operators need to respond with network fortification measures and transport-specific incident response plans. T&L companies should begin to drive a cybersecurity agenda by assessing the level of cyber protections in their OT and IT equipment and programs.
  • Set up safeguards in the most critical and vulnerable applications and networks.
  • Trucking and logistics organizations must work with a trusted managed website and order entry marketplace security service provider.
  • Train all staff with helpful direction on security breach prevention programs…with constant reminders.

Cybersecurity is critically important to Canadians and the trucking industry. It is essential to prioritize trucking cybersecurity technology 24/7. The threats of cyber-attacks and their impact on the trucking and transportation sector is a growing concern in 2023. Transportation and logistics companies are now among the top-targeted industries by computer hackers. Make the investment to stop and prevent cyber-attacks. You may be a risk right now.