Organizations in the transportation and logistics sector have recently become a favorite target among cybercriminals. The past few months saw several cyberattacks aimed at disrupting these companies. A disclosure by New York’s Metropolitan Transit Authority (MTA) is the most recent incident in this domain.
The targeted organizations were spread across multiple regions, including the U.S., the U.K., Ireland, Germany, and Japan.
- Recently, a batch of new malicious Android applications was discovered posing as FedEx Mobile, Correos, and DHL Express Mobile. These fake apps were spreading the TeaBot and FluBot trojans.
- Microsoft warned about an ongoing spear-phishing campaign targeting travel and aerospace organizations, in which RevengeRAT and AsyncRAT are deployed using a new Snip3 loader.
- In addition, the UNC2529 threat group targeted organizations worldwide via phishing emails, including organizations in the transport industry.
- Other organizations that witnessed cyber incidents include Merseyrail, Ministry of Transport (Japan), Bergen Logistics, Air India, Uber, Lyft, and Glovo.
Common attack attributes
In most of the incidents, attacks were carried out by individual hackers; state-sponsored attacks and malware-based attacks were also observed.
- Lockbit, CaptureRx, Cuba ransomware, and Darkside are some of the prolific ransomware used in these attacks.
- Tactics such as spear-phishing emails, spam SMS, and fake applications posing as genuine company apps have been widely used.
Attackers are increasingly using popular brands in the transportation and logistics sector to lure victims. Therefore, users need to be extra cautious when dealing with related activities. They need to be careful while providing details over email or phone calls, or while downloading mobile applications to track their packages.