Pratum Blog

Avoiding The “Cyber-Highwayman”


As technology in the transportation and logistics sectors grows increasingly interconnected, the risk of cyberattacks rises. Transportation companies are being forced to find new ways to defend against ever-evolving threats.

On the morning of September 1, 2022, dozens of fleet taxis converged on one of the busiest streets in Moscow, halting traffic. Hackers had successfully disrupted Yandex Taxi's transportation system by ordering a hundred vehicles to a single pick-up point. With the advent of new transportation technology comes a host of new vulnerabilities. In the past ten years, cyberattacks have increased exponentially. Since 2010, cyberattacks on both individual vehicles and fleets have increased by 344%. Attacks like these can compromise, cripple, or even destroy a fleet business. Transportation companies must evolve their traditional loss-prevention concepts and develop a comprehensive approach toward a company-wide cybersecurity mindset.

Attacks on the Road: Then and Now

Before the combustion engine, a bad actor who robbed people on the road was referred to as a “highwayman.” But as technology has evolved, so have criminals. Years ago, a criminal had to break a window or door and then hot-wire the ignition to steal a truck and its accompanying cargo. Nowadays, once thieves hack into the vehicle’s interface or access one of its mobile apps, there is nothing stopping them from simultaneously unlocking the doors and remotely starting the vehicle. Technology can be used to remove all physical barriers to access. That’s only part of the problem. Theft, which used to be the primary outcome stemming from a truck trespasser, is now not even the worst thing that can happen. Although outright vehicle theft is an obvious risk that can be mitigated with good cybersecurity, modern trucks hold information that is even more valuable than the cost of the truck or its cargo. They store enormous amounts of proprietary business data.

Fleets are first at risk of having intellectual property and business information stolen, which can then be used to commit broader crimes against the company or others. An individual who hacks into a vehicle can gain access to specifications, maintenance records, operational data, route information, and even personal information. The cyber-highwayman can discover a vehicle’s travel history, the home address of the driver, inventory, routes, and vulnerabilities in both the physical and digital network. Once inside the network, the attacker will find a target-rich environment.

Vehicles don’t need to move an inch for ransomware to create massive problems for a trucking business. A delivery fleet hacked during the Christmas rush doesn’t need to be physically commandeered to disrupt the holidays. A hacker who can disable the locks can either hold packages hostage or make those packages accessible to looters. The scale of the threat is huge and limited only by the imagination and skill of the cyber-highwayman performing the attack. Fleets are highly tempting targets, and due to the complexity of physical and digital security, potentially have numerous vulnerabilities.

Anatomy of a Truck-level Breach

Enemy nations can attack supply chains at the transportation level, but there is also incentive for criminals, both foreign and domestic, to take advantage of transportation network vulnerabilities.

While hackers may begin an attack with a specific goal, the more likely attack is one which seeks the first, fastest or easiest opportunity available once a system has been breached. In most cases, they are simply looking for easy money. Bad actors are flexible: even if they had an original goal, once they have hacked into a system, they can easily pivot to richer or more available targets. That makes it harder to defend against their attacks.

There are many actions hackers can take at this point, and they are not limited to outright truck or cargo theft. For example, the odometer mileage can be rolled back when making warranty claims, or rolled forward when making individual mileage reimbursement claims. A lessee could roll back the odometer and not pay for the miles they drove/leased. Exhaust after-treatment systems could even be disabled to avoid diesel exhaust additive costs.

Managing the Complexities of a Fleet

At the Fleet Data Management & Cybersecurity Conference hosted by the American Trucking Associations’ Technology & Maintenance Council, Mark Zachos, regional chairman at SAE International, said, “What I don’t think that we pay enough attention to, frankly, is that data, equipment, the laptops, the interface device, the maintenance tools, maintenance equipment, that too needs to have security and privacy provisioned into it.” Zachos mentioned that location and performance data of vehicles is tracked remotely, but that is just the beginning of a fleet’s security vulnerability. Competitors or other spies can gather intelligence, but more than that, they can also potentially compromise trucks.

“Maybe they de-rate the engine,” Zachos said. “Maybe they drain the DEF or all the sensors. Maybe they turn the seat heater up so the driver doesn’t want to sit there anymore. And finally, the safety issues like disabling the brakes.”

Hackers can target telematics systems and application servers or take advantage of mobile apps. The hacker pretends to be someone else and pairs the hacked-in app with a vehicle they do not own.

The threat is evolving constantly.

Taking Advantage of the Human Factor

Vehicle security should be approached by vehicle operators as if it is a new computer network. Yes, it will have robust cybersecurity systems built in, but as with all security technology, the most crucial element is a well-trained human with a cybersecurity mindset. Truck operators should be trained in and understand their company’s cybersecurity approach starting on Day One. Just as cyber-aware individuals will buy software and commit to practices that go beyond the technology built into their new personal device, cyber-aware transportation employees will be active contributors to the security of vehicles and the supply chain overall. No matter how good the built-in proprietary cybersecurity system is for a truck, or an entire fleet, extra protection and participation is critical.

Dan Murray, senior vice president of the American Transportation Research Institute, makes it clear that, whether modern technology is promising autonomous vehicles or other AI features, the human operator will continue to be the main actor. “When you get to Level 4, even potentially 5, the driver is still going to be king.” The same applies to cybersecurity. The driver must be equipped with the right technology, but that must be accompanied by the correct training and an understanding of the company’s robust approach to cybersecurity.

So, it isn’t just about technological defenses; it is also about training drivers to better understand their own trucking tech in order to be cybersecure.

Securing the supply chain against bad actors and technological failure requires complex, strategic planning but the first line of defense can – and should – be developed at the operator level. Transportation companies need a trusted advisor who has the experience, expertise and ability to help the fleet manage risk end-to-end.

For transportation cybersecurity planning and execution, contact the experts at Pratum today.

BEC attacks use sophisticated techniques that can trick all but the most attentive email users. Attackers typically impersonate a legitimate contact asking for a transfer of funds. But when victims send the money, it lands in a bank account controlled by the bad guys. The hackers quickly convert the money to cryptocurrency or shift it into other untraceable channels. It may be days before you even know you sent the money to an imposter.

Here are the key stages of business email compromise:

Stage One: ID Target

Highly organized hackers use LinkedIn, company websites and other resources to identify executives, accounting employees and others who could be high-value targets. Social media lets them craft highly personal attacks using names of acquaintances, actual travel plans, etc.

Stage Two: Grooming Target

With their target selected, hackers begin using spearphishing emails, phone calls and other approaches to get targets to unwittingly give up their login credentials.

Stage Three: Transfer of Information

Hackers spring the trap by inserting themselves into an email thread and asking for a transfer of funds while posing as a legitimate contact.

Red Flags of Business Email Compromise:

  • Spoofed address. Look carefully at the actual domain name, not just the sender's display name. This spoofed domain has an extra character in the company name.
  • Malicious link. This link actually leads to a credential harvesting site. Hover your mouse pointer over the link before clicking it to confirm that it's going to the expected address.
  • Real data used to fool you. Because hackers may be monitoring your email, they may jump into a legitimate thread. In this case, the first message in the sequence came from a real vendor talking about a real invoice. The hackers have inserted themselves and taken over the discussion, cutting the real vendor out of the thread.
  • Timing. This is a fake email from the scammer, who sent the request late in the week, hoping to catch an employee rushing to complete tasks before leaving.
  • Suspicious attachments. If you're not expecting an attachment, don't open it. Call the sender to confirm it's a legitimate file.
  • Sudden change in normal procedure and/or urgency. Be extremely wary of changes in deadlines, bank accounts, etc. Call your contact to confirm what's happening.
  • Unusual name usage. Hackers posing as legitimate contacts often fumble the details of names, so pay attention to any discrepancies such as someone who normally goes by "Michael" signing a message as "Mike."
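The first two red flags can also be checked automatically at the mail gateway. The following is an added example, not Pratum's own tooling: it flags a sender domain that is a near-miss of a known one and a link whose visible text names a different host than its real target. The domain list, the sample message and all function names are assumptions made for illustration, and the body is assumed to be a single HTML part.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the organisation really does business with.
KNOWN_DOMAINS = ("acme-supply.example", "ourcompany.example")

# Constructed sample message (not a real email).
SAMPLE = """From: "Acme Supply Billing" <billing@acme-suppply.example>
Subject: RE: Invoice 1042 - updated bank details
Content-Type: text/html

<p>Please pay to the new account today.</p>
<a href="https://login.portal-verify.example/auth">https://portal.acme-supply.example</a>
"""

LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)*\.[a-z]{2,})", re.I)

def edit_distance(a, b):
    """Levenshtein distance; small values mean a near-identical spelling."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the known domain that `domain` imitates, or None."""
    domain = domain.lower()
    if domain in KNOWN_DOMAINS:
        return None
    return next((k for k in KNOWN_DOMAINS if edit_distance(domain, k) <= 2), None)

def red_flags(raw_email):
    """List the spoofed-address and mismatched-link flags found in one message."""
    msg, flags = message_from_string(raw_email), []
    domain = parseaddr(msg["From"])[1].rpartition("@")[2]  # ignore display name
    if (hit := lookalike_of(domain)):
        flags.append(f"sender domain {domain} imitates {hit}")
    for href, text in LINK.findall(msg.get_payload()):
        shown = HOST.search(text)
        target = (urlparse(href).hostname or "").lower()
        if shown and shown.group(1).lower() != target:
            flags.append(f"link text shows {shown.group(1)} but goes to {target}")
    return flags
```

Calling `red_flags(SAMPLE)` returns both flags for the constructed message; a production filter should walk multipart bodies and use a real HTML parser rather than the regular expression used here.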

Stage Four: Wire Transfer

Victims fall for the fraud by sending funds to a bank account that's actually operated by the criminals.

Teach your team to understand how to spot business email compromise and prevent potential attacks. To learn more about Pratum's security consulting services, contact us today.

Be prepared for a mistake! Perform a business impact analysis to understand how various cyberattacks will affect your business.

Bob manages inventory at a mid-size manufacturer. On a very busy day, Bob sees an email from the IT team asking him to confirm his login information. He clicks a link, confirms his login credentials and gets back to what he was doing.

Without knowing it, Bob just gave his credentials to a hacker, who logs into the company environment and starts figuring out what they can access.

A few seconds of carelessness by Bob trigger a chain of events:

A month later, the hackers send the company an email announcing that they have encrypted most of the company's data and want a $500,000 ransom to release it.

The Impact

  • While the company decides what to do, all operations at the plant shut down.
  • Managers send 55 workers home for two days at half pay.
  • The company misses $75,000 worth of deliveries.

The Impact Severity

  • The company decides not to pay the ransom, but it spends $45,000 recovering its data and investigating the breach.
  • Three major customers lose faith in the company's ability to deliver and decide not to renew their contracts totaling $325,000 in lost business.
  • Because of the breach, the company's cyber security premium goes up $15,000 per year at renewal time.
  • The combined costs of the breach mean the company misses its revenue target and can't pay bonuses.
  • Reduced demand next year requires the company to lay off 5 employees.

