Spear Phishing in the Transportation Sector: What is it and How to Protect Yourself

While the transportation and logistics industry isn’t new to experiencing coordinated “cyber attacks”, cybercriminals are constantly iterating on their methods of infiltration. Just this year, several top IT firms have identified a sharp increase in costly security breaches that all follow a similar pattern. In this pattern, the primary attack vector is a method known as Spear Phishing, and while simple in concept, these attacks have already been effective in high profile data breaches of large and small companies alike.

What is Spear Phishing?

Spear phishing is a cyber-attack technique that targets specific individuals or organizations by sending emails and other communication methods designed to appear as if they are from a trusted source. The malicious intent behind spear phishing attacks is typically financial or espionage related, with the attacker wanting to gain access to sensitive data, such as login credentials to critical systems or payment information.

What makes Spear Phishing so dangerous is how targeted the efforts are. In a traditional Phishing attack, phishing emails and links are sent en masse to contacts across different industries. These messages are often generic in nature and in many cases are relatively easy to spot. 

In contrast, attackers performing a Spear Phishing attack would begin by identifying a single user within a company, and then use the target’s publicly available information to create a more believable, and as a result, more effective attack. These messages often appear as trusted senders in the target’s network, such as a colleague, boss, family member or friend – making it difficult to detect. In addition the attacks often will reference company events, upcoming holidays, etc. to appear more legitimate.

How does Spear Phishing affect the Logistics and Transportation industry?

The logistics and transportation industry is particularly vulnerable to Spear Phishing attacks, mainly due to reliance on technology within the sector. With increased automation across supply chains, cybercriminals have more opportunities to breach systems and obtain sensitive data. 

Additionally, attackers are able to penetrate customer databases and social networks with ease, as they are increasingly connected to transportation companies. This allows them to launch additional attacks from an infiltrated company’s network, adding to the legitimacy of further attacks.

Inside a Spear Phishing attack

As an example of the type of damage a cyber criminal can do from inside a logistics and transportation network, here is an overview of a hypothetical attack vector our IT Security partner has identified this year that could potentially cost hundreds of thousands of dollars.

• Attacker identifies users in accounts payable/receivable and crafts personalized spear phishing messages designed to dupe them.
• Once the target has downloaded the infected file or clicked the compromised link, attackers gain access to their target’s email inbox.
• With email access, attackers configure settings and filters to hide their presence, and begin emailing contacts within the target’s email list 
• The attacker reaches out to the target’s customer (from the employee’s email account) and informs them that they need to update their financial information for future deposits
• Attacker routes all incoming payments to their own bank account.

This is an example of how a Spear Phishing attack can be leveraged by cybercriminals to cost you and your customers significant financial loss. But it is just one of many ways that this sensitive information could be used. This is why implementing the proper IT Security measures is crucial to avoiding the attacks all together. 

How to protect your organization from Spear Phishing attacks

Here are a few protections you should consider implementing at your organization to protect from email attacks:

1. Implement email protections to monitor all inbound and outbound emails. These protections will flag and quarantine suspected emails from ever reaching your inbox.
2. Work with your I.T. Department in order to harden your domain by implementing SPF, DKIM, and enforce DMARC. This will protect your domain from being abused by cybercriminals. Tech Target has an excellent resource for those searching for more information on the importance of SPF, DKIM, and DMARC records for your organizational security.
3. Enforce Multi-Factor Authentication on all email accounts to prevent account takeovers if successfully phished.
4. Rollout a cybersecurity training and awareness course at your organization. Why? Because 19.8% of employees click on phishing links.

Implementing these protections will help your organization to identify and properly protect against suspected email attacks. By ensuring your organization is properly protected you are also helping protect our sector against these attacks.