Ransomware hackers may come for owner-operators next

The transportation industry was slow to embrace new technology. But today, freight tech has revolutionized the brokerage business through digital freight matching, and commercial trucks commonly travel with dashcams, electronic logging devices (ELDs) and trailer trackers. After tech overcame initial resistance, its bright side became evident: More efficiency and visibility benefit both consumers and the bottom line.

But new threats have emerged as well. In October 2019, the FBI announced that ransomware actors are actively targeting the healthcare, industrial and transportation industries. A report from Malwarebytes revealed that in the first quarter of 2019 alone, ransomware attacks increased 195%. The report further noted that hackers are targeting small- to medium-size businesses, which in the transportation sector means smaller carriers and owner-operators.

“Owner-operators and big logistics firms alike are facing the same broad set of risks,” said Norm Thomas, general manager of PowerFleet for Logistics. “They are all integrated into freight brokerage systems and other platforms that have sensitive data on freight and assets that make them a target.”

Ransomware is a type of malware — software designed to damage a computer network. Ransomware’s characteristic weapon is encrypting files on a server to the point that they become unusable. In the transportation sector, hackers can shut down a fleet’s transportation management system (TMS), divert cargo from its destination or compromise trade secrets.

If targeted companies don’t pay what the hackers demand, the hackers can delete a compromised program and lock a firm out of its own data. What’s at stake? A company’s bottom line and ability to keep a secure network with larger carriers, third-party logistics (3PL) providers and shippers.

“Regardless of the technique that perpetrators use to attack their victims, their goal is extortion. And extortion, including cyber-enabled extortion, can cripple a victim business and wreck personal lives,” said Marcus C. Thomas, chief technology officer for security company Subsentio and former assistant director of the FBI’s Operational Technology Division. “The key to ransomware defense is prevention and preparation.”

It’s not the cargo the hackers are after: It’s the data that tells when and where the cargo is traveling, which could be useful in criminal acts like corporate espionage. Since the ELD mandate took effect in December 2019, all commercial trucks on the road log hours worked and distances traveled electronically, but not all ELDs have the same security standards, such as encryption.

Owner-operators with vulnerable ELDs could be the target of ransomware hackers who want private and sensitive data. While a large number of owner-operators and legacy trucking companies have invested in newer technologies, they don’t always prioritize an investment in security.

“You’ve got companies that want to get on the web and buy the infrastructure, but security doesn’t come in as a question until the bitter end,” said Steven Kraus, senior security engineer for Genuine Parts Company in Atlanta. “It turns into what we call ‘technical debt.’ They don’t really want to spend to secure, because they don’t get anything in return if they don’t get attacked. In reality, they don’t see that they’re probably getting attacked every day, but the attacks aren’t successful.”

Experts believe that ransomware events occur far more frequently than reported, but because admitting attacks could invite additional ones, companies keep quiet. Several recent attacks, however, have made their way into headlines.

In December 2019, the middle of peak retail season, Truckstop.com suffered a ransomware attack that prevented its 200,000 active users from using the load board, as well as payment and online carrier safety services, for seven days. In the summer of 2019, hackers struck A. Duie Pyle, a less-than-truckload company out of West Chester, Pennsylvania, comprehensively disrupting the company’s communication system with shippers, including its phones, email and website.

While security measures require companies to invest in software solutions like firewalls, antivirus and the cloud, Kraus says they are only as good as the people who manage them. There’s not a one-size-fits-all solution.

“These solutions aren’t going to stop Jane in human resources from clicking on a phishing email,” said Kraus. “For small companies, cloud may be the solution for you, but if you’re a midsized to large trucking firm, you may want a hybrid cloud solution where you’re running your websites in the cloud, but keeping your databases local so you can keep control of those.”

It is only a matter of time before ransomware perpetrators go downstream to owner-operators who use unprotected devices. Ransomware could cripple our nation’s transportation infrastructure if firms don’t protect their data and demand more stringent security compliance.