Concise Cyber

RMM Tools Weaponized: Hackers Target Freight Industry to Steal Physical Cargo

Cybercriminals are launching sophisticated attacks against the North American freight industry, leveraging legitimate Remote Monitoring and Management (RMM) tools to facilitate large-scale physical cargo theft. This emerging threat exploits digital gaps in the supply chain, contributing to an estimated $35 billion in annual losses in the U.S. alone.

How RMM Tools Become a Gateway to Theft

The attack begins with social engineering. Threat actors send malicious emails or create fraudulent freight listings on load boards to lure victims from trucking carriers and brokerage firms. These messages, often disguised as urgent load negotiations, direct targets to well-crafted websites that mimic legitimate carrier branding. Victims are then tricked into downloading an installer file that deploys RMM software such as ScreenConnect, SimpleHelp, or PDQ Connect.

Because these are legitimate tools, they often bypass traditional security measures. Once installed, attackers gain complete remote control over the compromised system, allowing them to conduct reconnaissance and deploy credential-harvesting tools to expand their access.

Hijacking Logistics for Physical Heists

With control established, the cybercriminals pivot from digital intrusion to physical theft. They monitor the carrier’s operations, identifying high-value shipments of goods like electronics and food. The attackers then manipulate booking systems, delete confirmation emails, and even add their own devices to the dispatcher’s phone lines to impersonate the company. By talking directly to brokers, they can reroute trucks to fraudulent pickup locations controlled by their accomplices. Researchers believe these campaigns indicate a collaboration between hackers and organized crime groups to execute these complex heists.

To defend against these attacks, experts recommend restricting the installation of unapproved RMM software, monitoring network activity for unusual remote access, and blocking executable file attachments at the email gateway.
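
One way to apply the first two recommendations is a check over endpoint process-creation events for the RMM tools named above. This is an added example, not code from the article or the researchers it cites; the event fields, match patterns, allowlist, host names and sample events are all assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# RMM tools named in the article. The match patterns are assumptions; tune them.
RMM_PATTERNS = {
    "ScreenConnect": re.compile(r"screenconnect", re.I),
    "SimpleHelp": re.compile(r"simplehelp", re.I),
    "PDQ Connect": re.compile(r"pdq[\s_-]?connect", re.I),
}
# Hypothetical allowlist: tool -> hosts where IT has approved it.
APPROVED = {"ScreenConnect": {"it-helpdesk-01"}}
# Signs that a user ran a downloaded file (assumed heuristics).
USER_PARENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "outlook.exe", "explorer.exe"}
USER_PATHS = re.compile(r"\\(downloads|desktop|appdata\\local\\temp)\\", re.I)

@dataclass
class Finding:
    host: str
    tool: str
    severity: str

def classify(event):
    """Return a Finding for an unapproved or user-launched RMM process, else None."""
    text = f"{event['image']} {event.get('product', '')}"
    tool = next((t for t, p in RMM_PATTERNS.items() if p.search(text)), None)
    if tool is None:
        return None
    user_launched = (event["parent"].lower() in USER_PARENTS
                     or bool(USER_PATHS.search(event["image"])))
    approved = event["host"] in APPROVED.get(tool, set())
    if approved and not user_launched:
        return None  # sanctioned deployment running as expected
    return Finding(event["host"], tool, "high" if user_launched else "medium")

def scan(events):
    return [f for f in map(classify, events) if f is not None]

# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "dispatch-07", "image": r"C:\Users\jdoe\Downloads\installer_sample.exe", "parent": "chrome.exe", "product": "ScreenConnect Client"},
    {"host": "it-helpdesk-01", "image": r"C:\Program Files (x86)\ScreenConnect Client (abc)\ScreenConnect.ClientService.exe", "parent": "services.exe", "product": "ScreenConnect"},
    {"host": "broker-12", "image": r"C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe", "parent": "services.exe", "product": "PDQ Connect Agent"},
    {"host": "dispatch-07", "image": r"C:\Windows\System32\notepad.exe", "parent": "explorer.exe", "product": "Notepad"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f)
```

Matching on the version-info product name as well as the image path catches an RMM installer that has been renamed to look like a freight document.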