CyberWire Daily - Yippee-ki-yay, cybercriminals! [OMITB]
Episode Date: December 25, 2025

While our team is out on winter break, please enjoy this episode of Only Malware in the Building. Welcome in! You've entered Only Malware in the Building. Wrap yourself in a warm blanket, pour your favorite mug of tea, and join us each month as we unwrap the season's juiciest cyber mysteries. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York's exclusive Upper West Side, Selena is joined by her co-hosts N2K Networks' Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we explore "Remote access, real cargo: cybercriminals targeting trucking and logistics." From clever schemes to protect shipments to the tools cybercriminals use, our guests discuss how organizations can safeguard physical goods in an increasingly connected world, because even during the season of hustle and bustle, the threats don't take a holiday.
Transcript
You're listening to the Cyberwire Network, powered by N2K.
Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker Allowlisting, you stop unknown executables cold. With Ringfencing, you control how trusted applications behave, and with ThreatLocker DAC, Defense Against Configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero-trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable, even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo at threatlocker.com/N2K today.
Okay, so tell me this doesn't feel exactly like the start of that one movie.
Yeah, office party, lights flickering, everyone pretending to be festive while secretly thinking about email notifications.
Oh, yeah, what's that one movie where the guy's just trying to enjoy the holiday and then everything goes terribly wrong?
That's like half the Hallmark Channel, Dave.
No, no, I know what he means. Big Building, Holiday Party, Chaos.
Oh, no, wait a minute. You're thinking of...
Yeah, that one. Don't say it.
Welcome to party, pal.
Unauthorized access. Breaching employee login credentials.
Uploading payload into email boxes.
Penetrating HR's auto-reply templates.
And there is. Unauthorized access detected.
Merry chaos, everyone.
Looks like someone just crashed our night.
Uninvited guests?
Looks more like Hans Malware.
Please don't.
Attention, everyone.
McClane mode, activated.
Great.
Now we ruined a perfectly good party.
Not cool, Dave.
Oh, right.
Good point.
Look, this is no ordinary breach.
It's moving toward the core, the server room.
If it hits that, it nukes the backups, we're toast.
So what's the play here, Selena?
We can only stop it from the server room,
but the doors are locked from the inside,
and maintenance has gone home already.
The only way in is through the overhead vent.
Perfect.
Selena, you get in the vent.
Get in the what?
No, I'm not getting in the vent.
Can we just let the malware win this one time?
Come on, Selena.
You're our only hope.
Fine.
Great.
Here, take this radio so we can stay in touch.
Become a threat researcher, they said.
It'll be fun, they said.
Now I know what a TV dinner feels like.
Selena, you're doing great.
Remember, you're our McClane.
Do what you do best.
I can see the server hatch ahead.
I'm going to pop in and pull the physical power lines.
Ready to cut it off?
Ready? Do it now.
We sing all thumbs up with passive, aggressive times.
The system's clean. We save the day.
Yippee-ki-yay, mother...
Dave, family show.
Motherboard. I was going to say, motherboard, motherboard.
Sure you were.
Well, that's one way to save the holidays.
Hello to all our listeners and welcome to Only Malware in the Building.
I'm your host, Selena, joined by Dave and Keith.
And I'm very excited.
It's our December episode.
The holidays are right around the corner.
Are you guys gearing up?
Are you ready to take some time off?
Rest and relaxation.
Oh, yeah.
All set.
You know, got the turkey in me.
The tree is up.
We decked the halls.
We are all set.
I'm waiting for Santa.
Mm-hmm.
All I want for Christmas is you.
And dips, I imagine.
And dips.
Oh, that's even better.
All I want for Christmas is dips.
And the presents under the tree or whatever it is that you're cooking this week, this month.
All of these things come from a supply line.
And how do the presents get under our trees or all of our new shoes and clothes and food and yummy energy drinks,
Mulled wine, cider.
Santa. It's Santa, Selena. It's Santa. Santa is the supply line.
You're going to tell me different?
Well, Santa might be targeted by threat actors this holiday season.
And today we're going to be talking about cyber threats to things that impact physical goods and real cargo.
And this is something that I'm very excited about, very interested in.
Proofpoint, my colleague, Ole Villadsen, recently published some research on this. And earlier this year, we published some other research about scammers basically using a request for quotes to steal a variety of goods.
And so today, on today's episode, we're going to be talking about how cyber threats impact
the physical goods that we use every day.
So you guys ready?
I am so ho, ho, ho, ho, ready.
Amazing.
All right.
Well, I will kick us off describing this research.
And then, you guys, I'm curious to hear your thoughts about it. And Keith, I know that we had chatted about some overlap with other threat actor clusters. So I'll go ahead and start with the cybercriminals that are actually targeting trucking and logistics to deliver remote monitoring and management software. Now, we've talked on the podcast previously about how RMM tools, which are legitimate enterprise software that are being used maliciously by a variety of different threat actors, have become increasingly popular. But now what we're seeing is this increase in cybercriminal activity that is actually targeting cargo freight and ground transportation, these types of things.
And what they're doing is in many cases, they're compromising these load boards or where
the actual carriers and brokers post loads that need to be driven to a place.
The threat actor will post a fake load, reply with a malicious link actually responding to
the carriers who are like, yeah, I want this load.
And then they will actually link to an RMM that is basically used to hijack these carrier accounts. Then they will bid on real loads, and then they will do a variety of things, but ultimately what it leads to is cargo theft.
And through my research, I've discovered, basically,
this is kind of like a new take on an old threat.
Going all the way back,
you guys remember Butch Cassidy and the Sundance Kid?
Do I ever?
Exactly.
I mean, they were going after trains.
We had the mob going after cargo theft in the 60s,
and now, of course, we have organized crime groups
that are targeting cargo,
and now we have a cyber criminal angle
where they're partnering or working with these organized crime groups to do some of this stuff.
So, yeah, so we published some new research on this, and it's actually really interesting.
And I'm curious, you guys, are you familiar with this at all?
Was this research surprising to you?
It's a little surprising to me, but like you mentioned, you know, like organized crime is always going after, you know, cargo diversion or trying to, you know, get that new, like a truck full of nice suits or cigarettes or something like that.
So to see the cybercriminals pivot into this is kind of just that next evolution, which was very fascinating to me.
I read your research, Selena, the proof point research, and actually we covered it on the CyberWire Daily.
And I guess in my mind, sort of like what Keith is saying, when I think of cargo theft, I think of the Sopranos.
Yeah.
And a couple of guys pulling over a semi-truck and telling the driver to take a walk while they unload the back of the truck, you know, full of flat screen TVs or something like that. I mean, Keith, is that a reality from your days in law enforcement? Like, do those things, are trucks actually, like, forcibly pulled over and just robbed?

Absolutely. Yeah, you know, robbed or, you know, they bribed the driver and, you know, so one of the biggest heists ever, I think, in U.S. history was the mob, you know, I can't remember the details, but I just remember it was something at JFK where there was a bunch of goods that they stole, and I just can't remember the details off the top of my head, but yeah, this is a common thing for organized crime for sure.
Well, and what I thought was actually really interesting. So I went into this thinking, well, first of all, it was really interesting to me because of the RMM payloads and some overlap with a threat actor that was previously delivering ransomware-affiliated types of payloads like DanaBot, for example, these payloads that were initial access that could be used for ransomware. So, in my head, I was like, oh, okay, this threat actor is targeting cargo freight theft. Like, maybe they're doing this for ransomware, just based on the payloads.
And then that actor kind of disappeared a little bit.
And then we saw this resurgence of cargo targeted theft using RMMs.
And I was like, oh, okay, like, did ransomware threat actors pivot to RMMs?
And then we started investigating more and more about the actual activity, what they were doing,
and some of the overlap with publicly reported data.
So, Reddit is a great place for intelligence gathering and open source intelligence.
I have to say, there are so many subreddits about so many things, and including cargo.
So there are many, many people who are kind of sharing their experience.
There's also some posts on Facebook that we're talking about, oh, my company or my friend's company was hacked, and this is what the threat actor did.
And there was one particular Reddit post that really caught our eye, where we were able to sort of link together what was happening.
So essentially, this person described that the attacker compromised the company via an RMM delivery.
They deleted existing bookings and blocked dispatcher notifications.
They added their own device to the dispatcher's phone extension.
They booked loads under the compromised carrier's name and coordinated the actual transport.
So they were telling people, here's where you go to pick this up and drop this off.
So it's really interesting to kind of see this whole, the summation of, okay, the threat actor is using these RMMs to do a full takeover. And then actually they know the industry enough. They know these companies well enough and the process of how this dispatch and carrier and brokerage works to do all that themselves.
Well, can we walk through a sample of this? So let's say that I have ordered a container full of dips to come over from overseas, right? All of my favorites. And this container is coming over on a container ship and I'm expecting it to cross the Atlantic and then be trucked to my warehouse where I will consume them. What are the bad guys doing to get in the way of all of that, and how does it play out?
Yeah, so there are a lot of different ways
potentially that a threat actor could do this.
So first of all, the actual compromise has to happen.
So let's say the threat actor has already taken over this.
And they say, I got eyes on these dips.
I want these dips.
So what they'll ultimately do is they will either do something called double brokering,
where they will basically buy and then sell and make a profit a little bit on that cargo.
And the person that is actually participating in the double brokering doesn't maybe even know
that, A, it's being double brokered, or B, that it's a criminal activity.
B, it's entirely possible that they work with people and they'll pay somebody to go,
they'll book somebody to go pick up those dips and then drop them off at a warehouse that is
owned by the criminals that they're actually working with.
In that case, the driver might not know that they are, you know, working for somebody who's
actually doing this maliciously.
They just think that it's, you know, legitimate booking.
So, okay, I'm going to go pick this up and drop this off and have no interaction with any
criminals myself.
And then finally, they could potentially be using somebody that isn't on it.
and then they would then get a cut of whatever the profits are.
So there are many ways that this could theoretically happen.
But what we see a lot of is the actual sort of fake bids, the email threads,
either the thread hijacking or the bids that are posted maliciously on these load boards
to try and engage people with actually kind of doing the initial compromise.
So we don't necessarily observe the follow-on activity,
how it gets to the warehouse or wherever it's being shipped to, but based off of public reporting
and a lot of information that has been shared in congressional hearings, as well as some
really interesting reports in various media. I think 60 Minutes did a pretty good sort of overview
about what this is and how it works. Yeah, it's really pervasive. And I want to highlight here, too, that cargo theft in general is a $35 billion loss sort of crime annually, according to the National Insurance Crime Bureau here in the U.S. So it is big money. And that's not just cyber enabled, but all cargo theft.
So when you think about this, it's fascinating to me because you just kind of look at the
evolution of the cyber threat actors where generally, you know, they've gone after the finance
departments, but now they're pivoting to supply chain, procurement, dispatch operations, really
all sectors with weak security.
So, you know, a lot of people probably in shipping logistics, they're not really cyber savvy. They're not really thinking about cybersecurity from that. The other interesting
thing in this is kind of the pivot to the goods like you were saying. So when you think about it
from a cyber security, like a cyber criminal group, now you have goods that you've stolen
that now makes it easy to launder the money because now you have, you've purchased your
inventory allegedly, you know, like for free from stealing it. And now you're able to put this up
in maybe online marketplaces or maybe even physical storefronts sell that and then you have
your profit. So really everything is being laundered through these operations and it's much more
evolved than just trying to go in, you know, hack into a computer and then wire that money out
there and then trying to launder that money. And so this kind of reminds me a little bit of a pivot some of the Russian cybercriminals made a number of years ago. What they were doing was they were using stolen funds from their bank accounts, like from transferring from stolen bank accounts, to buy goods to then ship that over to Russia and then sell it. And then, you know, that's how they kind of laundered their money. So this is kind of like a little bit of an evolution on that scheme.
Stick around after the break.
Whether it's a pair of running shoes or a new car, you check how well something performs before you buy it. Why should investing be any different? At Fidelity, we get that performance matters most. With sound financial advice and quality investment products, we're here to help with accelerating your dreams. Chat with your advisor or visit Fidelity.ca/performance to learn more. Commissions, fees and expenses may apply. Read the fund's or ETF's prospectus before investing. Funds and ETFs are not guaranteed. Their values change, and past performance may not be repeated.
As Keith says, the pivot to physical goods, and it makes me wonder because, in my mind, that's extra work and that's an extra vulnerability that something is actually existing in the real world as opposed to, let's say, cryptocurrency, you know, something like that, or even just sending money around the world electronically. Selena, do you have any sense whether or not the folks who are handling the cyber part of this, how much they're keeping that part of it containerized, if you will, like self-contained? In other words, we'll handle the hacking part, but you've got to take care of the actual shipping of goods yourself, or is it more blended in?
That's a really good question. So I do not have visibility into that particular aspect of it.
But one thing that is kind of notable is that the activities of the TTPs that we're seeing, the tactics, techniques, and procedures used by these threat actors do have some overlap with non-cargo targeted stuff.
So, you know, for example, the huge spike of remote monitoring and management tooling, Keith, you and I have talked about how there's a lot of advertisements on criminal forums that are like, hey, I'm looking for this particular RMM, or this particular RMM got shut down, it doesn't work anymore, like, what's a good alternative?
There's also a lot of, like, similar lure themes that are being used, some, you know, interesting hosting and some infrastructure pieces that are not necessarily exclusive to the cargo threat actor, that suggest, okay, they're probably operating or exist in these cybercriminal spaces that have overlaps with more sort of traditional cybercrime, and they're just kind of appearing in this cargo-focused threat landscape. So it's totally possible that they are kind of just selling out their services to these
different threat groups. And, you know, they're not necessarily located in country or they don't
even know the people that they're really working with, but they're just sort of selling their services
or they got connected in some way. So we don't have great visibility there. And it's not necessarily
like, oh, yeah, these guys are definitely doing like ransomware or a different type of cybercrime, right? Like, we are seeing them using the RMM delivery targeting cargo, but it is sort of
interesting that they're using very similar techniques to what we're seeing across the cyber
criminal threat landscape. And, you know, I, like I mentioned early on, like, I initially
thought, like, oh, are these guys, are they trying to ransomware? Like, is that, is that kind of
what they're doing just because, you know, the TTPs and initially the malware that was used?
We've also actually seen this sort of expand. It's not just this one particular threat actor that's doing this.
We see multiple different other clusters
that are doing this type of activity.
And again, not just in North America.
That's what the report focused on,
but we are seeing it more broadly.
So it is really interesting,
and it does appear to be growing.
It was fascinating. Like, the one point in your article that you had was that shipments were going to West Africa, which made me think of, again, working West African criminal organizations, of just kind of looking at whether some of this may be being done by West African criminal groups that started out,
you know, when you think of, you know, the lottery scams, the romance scams, but then doing
BEC. And so a lot of the techniques are very similar to what we saw in BEC, BEC attacks where
they were installing malware in order to get visibility into shipments or diversion like that.
You know, the request for quotes, you know, that I think the article on that, you know,
so the West African criminal groups are set up, and I'm not saying for sure that this is
attribution for that at all, but it's making my spidey sense kind of go up if we've seen shipments
go there because they are very well organized, organized crime groups that can do this
because, you know, they have their operators, they have their technical operators that
could do, you know, exploitation, you know, installing the RMM tools.
They also have really good call centers and social engineering, finance, cashouts,
like logistic and freight forwarders.
So, you know, they do have the infrastructure in place to be able to do that.
And so it got me wondering whether this is an evolution now of those schemes because
people are getting better at the BEC scams, detecting those, stopping those financial transactions, so now maybe this is going into cargo.
So that's just some of my hypothesis, because some of the actual checks and balances,
things to put in place as a company, which we could talk about, are very similar to stopping
BEC, are almost identical to being able to stop these things as well.
Yeah, I just wanted to call out.
So the RMM stuff is separate from the net RFQ stuff that Keith, you were just mentioning, about how it gets sent to West Africa. So we haven't really fully dove into that yet.
So let me just kind of TLDR that for everybody because it is actually really interesting.
And it is a little bit different TTPs.
So for the RFQ scams, which are requests for quote, basically a threat actor is going to impersonate somebody, kind of do like almost an identity theft, basically.
And so they will send a sort of net RFQ, like, I need financing for these goods to then sell and to, you know, dip to profit and a mutually beneficial business arrangement.
And so then the business will respond and ask for financing information and then stolen
information, this identity that, you know, the stuff that they stole is actually provided
to the business.
The business thinks it's real.
They approve net financing terms and the items are actually shipped.
So this is where the sort of physical goods that, again, kind of comes in from these
scammers.
So the items are received, right?
And either dropped at a warehouse or a mule house or something like that.
And then they are, again, sent overseas, you know, to your point, potentially like the
West African shippers.
And then, of course, the communication is completely cut off from the target, right?
So, yeah, so you have these, like, two types of physical goods theft.
So you have, like, the cyber-enabled cargo theft.
And then you have this, like, net RFQ scam trying to steal physical goods.
And these are two distinct threat clusters.
But to your point, Keith, the RFQ ones do align very much with BEC types of.
West African groups, yeah.
Yeah, types of activity.
Yeah, and I'd be curious. I mean, just that neither of us have any visibility right now into the RMM diversions, of where all those cargoes are going. And if they are coming here to the states, probably chances are, you know, that they're recruiting mules and reshippers that will then take that cargo and then redistribute it overseas as well. Because again, from a cybercriminal, you know, they've been doing that for years. So that would be a natural progression to now just hijack that shipment, you know, send it to, you know, a warehouse and then have people say, hey, you know, we're recruiting you to process. We have a shipment coming in. And now, you know, you need to reship this out. The goods are coming in and laundered that way. You know, I just don't have any visibility into that. But I'm just thinking that that's probably how some of this scheme is working.
Well, if I'm going back to my shipment of dips and I'm sitting here waiting for them hungrily,
and they don't show up when they're supposed to,
and I go back through the chain to try to figure out where things went wrong.
Is this a matter of, you know, I call the guys down at the docks and say,
hey, did my dips ever show up?
And they say, yeah, they absolutely did.
And the truck came up and picked them up, came by, picked them up, and drove away.
Is that a likely outcome here that it was a phony truck driver?
Or what are we talking about?
Any insights, Selena?
Yeah, so that is definitely one possibility.
And it's interesting, too, because you see reports again on social media where people have posted, oh, I tried to call the carrier. And, you know, they said that they have been getting 50 calls a day about this because, you know, their accounts were taken over and somebody was pretending to be them. And then, you know, we're kind of like running this fraud and, you know, trying to rebook things or, you know, target specific loads. And, you know, like I mentioned earlier, the person on Reddit had mentioned how they really took over their phones, too.
So, you know, you might be calling somebody thinking that you're calling like a dispatcher,
calling the real person, but you're actually talking to a threat actor.
So there are many of these cases that have been, you know, shared and discussed online where it's like,
yeah, they fully took over everything, completely shipped it to the wrong place, or, you know,
people were missing goods or, you know, they just sort of disappeared.
And it's also entirely possible that there are multiple groups that are doing this,
that have, you know, some are doing double brokering, some are working with drivers and
some are just, you know, using them surreptitiously, they have no idea. But it is a pretty big
problem and people are losing quite a bit of money. And one thing that I thought was actually
pretty interesting too when I was doing this research is like, it's not necessarily like,
you know, high end electronics or, you know, really expensive clothes. Like sometimes it is,
obviously. But one of the things that I thought was really funny was energy drinks. Like I was
reading some testimony from IMC Logistics. That was some congressional testimony from earlier this year, which actually mentioned, like, energy drinks are something that are regularly targeted because
many of them are not legal in countries outside of the U.S. And so they can get those energy drinks
and then resell them on the black market or in other ways, you know, getting them in the hands
of people in other countries. And to me, that was so interesting because I'm like, energy drinks,
that seems like not that profitable.
But in addition to, you know, like our phones and tablets and sneakers, like, energy drinks.
But think about it.
They are making 100% profit, though.
That's true.
That's true.
Yeah.
Yeah.
So maybe our dips would be very profitable, because according to Munich Re, global cargo theft hotspots are Brazil, Mexico, India, Germany, Chile, the U.S. and South Africa, but the most targeted commodities are food and beverage products.
Really?
See, that surprises me
because I would think
that you'd go after something
that wasn't perishable.
Yeah.
Well, I think, you know,
part of that is,
okay, once you eat the dips,
they're gone.
They're gone, right, right.
The evidence, you eat the evidence.
Yeah.
Keith, who runs down this kind of stuff?
And is this criminal activity who's gone after them?
The interesting thing is probably, you know, this is going to be global because if you're talking
about shipping overseas, things like that, or even just shipping in the United States,
you're going to be going across, you know, state borders.
So this is going to be a federal crime naturally.
So this would be the FBI.
And, you know, what you're going to have to look at is, you know, this kind of cyber-enabled crime is kind of what we were talking about when I was at the FBI, where you have to have two divisions at the FBI, Cyber Division and Criminal Investigative, really kind of team up, because at the end of the day, usually the shipping diversions, that's going to be the Criminal Investigative Division of the FBI. But when we're talking about doing an intrusion and doing RMM installs, you know, and exploiting computers to do this, that's a traditional cyber function.
So you really have that cross between the two divisions, which is going to be very imperative of sharing that intelligence back and forth between that.
So kind of putting together a task force as, you know, these threats start having bigger losses of really being able to track that because naturally, again, this isn't going to just be, you know, some hacker in the basement diverting cargo shipments or, you know, shipments.
This is going to be some kind of an organized crime group, because you're going to need logistics and call centers and technical support and things like that, because it's a little bit more of a sophisticated thing. So this is going to be that organized crime aspect that the Criminal Investigative Division traditionally has done.
And then you're going to need to use your partnerships because if you're having a diversion
from a U.S. company and then something being delivered overseas, you need to really have
that partnership with the law enforcement partners overseas.
I'm going to be really interested to see how this blows up, really, in the next six to 12 months
and see how many resources that the government throws at this.
But this is a very interesting angle that could have big losses.
There was an interesting document that I found in doing this research, and it was published in, like, the early 1970s.
There was this microfiche that had been scanned and published online, yes.
Old school.
Very old school.
Well, the Department of Justice and the Department of Transportation published "Cargo Theft and Organized Crime: A Desk Book for Management and Law Enforcement."
And it was really interesting because it talked about some of the history of this and also kind of incorporating the organized crime angle, but from more of like the mob or like, you know, some, like you mentioned the Sopranos, some of these these types of figures, right?
Like if we think about crime from a historical perspective, like cybercrime is relatively new, you know, and these guys were doing this for a while.
So it's really interesting because they published these like guides on like how law enforcement can sort of like combat this type of threat.
And I thought it was really interesting because it's still very relevant, even though it was published, you know, talking about cases from like the 60s and 70s, but it's still very, very much relevant in terms of like all the different, you know, the Department of Transportation, the Department of Treasury, Department of Justice, like how all these different entities sort of have to work together in collaborating and combating this crime.
I know I would have loved to work one of these cases.
It's just sounds, there's so many different angles that are moving that I just think would
be fascinating to look at this organization and see how it's working and try to attack that.
I know just like some things I think that we could tell our listeners, you know, to be thinking
about here because we know the threat actors are using RMM and just like we had spoke about it
at a previous episode, you know, I think it's really important for the cybersecurity and the network defenders to really limit who could install RMM software, you know, on the systems, you know, use application listing, enforce, you know, MFA on all remote connections as well, and really monitor any new RMM installs.
I think, you know, those are really important.
And then, you know, from a cybersecurity standpoint, be talking with your supply and logistics to really look at, you know, rotating and managing credentials carefully, you know, verifying load postings through callbacks and, like, trusted broker networks and things like that.
Just kind of like how you would do with, you know, the BEC cases, you know, anytime somebody would change a bank account that you were normally sending it to, physically pick up the phone and call and, you know, verify that.
And then, you know, finally, really just kind of train the front-line staff and empower, you know, procurement and, you know, train the sales, procurement, accounts receivable on these new schemes so that, you know, they're aware of different things, you know, the different indicators.
So maybe even, you know, do a tabletop exercise between cyber and logistics.
So those are some of the ideas that, you know, I was thinking about that could help in detecting and preventing these.
I guess you kind of have to walk that line between being vigilant with your security,
but also not putting too many things in the way that you're going to throw sand in the gears of the supply chains.
Well, one of the things that I thought was interesting, because a lot of the comments were referencing this, a lot of the public experiences are that it moves fast. People want loads. They want business. Things are moving super-duper fast.
And so oftentimes that's how these things kind of fall through the cracks
as people aren't necessarily checking or they just kind of want to pounce on them as soon as possible.
And that does play a role from like a social engineering perspective is like, well, we can
convince somebody if they're already in this heightened sense of, oh, I have to make these deals.
I got to, you know, I have to close this.
I want this bid, whatever.
Then they can kind of manipulate that.
And that's how it can be very effective.
But, you know, one thing that Olin I like to talk about is like if something feels a little bit off, like if your sixth sense, if your spidey sense is tingling, then, you know, you should take a breath, take a step back and figure out a different avenue to verify that, whether that's like texting somebody that you know, whether that's calling, not necessarily the number that's listed in the bid or the email, but, you know, calling directly a different phone number that you can verify, that, yeah, this is really authentic. But yeah, if your spidey sense is tingling, it's a sign.
But, Selena, greed, Selena, greed.
Nobody wants to be the Grinch of this Christmas either, you know what I mean?
Perhaps my spidey sense is tingling because of greed and all the money I'm going to make from this deal.
Yes, yes.
Santa Claus definitely needs to check and make sure he's picking up correct, authentic packages.
Yeah, I think the Grinch was probably one of the very first diversions of cargo theft, right?
That's true.
Yeah, he social engineered the heck out of a little, what was it, little Cindy Lou Who?
Yeah.
We will be right back after this quick break.
Anything else we want to share here with our listeners in terms of prevention or being able to keep an eye out for this, Selena, and what are the takeaways from your research?
Yeah, I mean, Keith definitely did a great job laying out what organizations can be doing.
I would just, you know, let people be mindful that this is increasing.
This is a threat that we are seeing more of, not just in North America, but expanding globally.
And, you know, to validate and make sure that you are really talking to the person that you think that you're talking to is extremely important.
And also, too, you know, I think we're talking about it from like a supply chain perspective,
but really what ends up happening is these losses mount up.
And yes, okay, they might go to insurance, so they might get their money back or whatever.
But ultimately what ends up happening is things get more expensive.
Anytime that there's disruption and impact and losses across the supply chain,
the expense ends up getting pushed onto consumers.
And so I think that, you know, those of us who don't really think about where our turkeys are coming from might not necessarily be aware of that, but you have all of these things, like it comes from a container in the ocean. It gets picked up as a cargo shipment. It gets driven across state lines. Somebody else picks it up. And then it winds up in our closets or on our plates.
And I think that that whole process is really a black box to a lot of us. And so, you know, thinking about where the stuff is coming from and why some of these crimes actually have impacts beyond just the organizations that are actually being hacked and impacted.
But ultimately, it can be a consumer impact as well.
Don't buy black market dips.
Definitely don't do that.
You never know where they come from.
No, better safe than sorry.
All right.
Well, thanks, everybody.
Thanks so much.
To all our listeners, thank you so much for listening.
Happy New Year, happy holidays.
And we will see you back here in January.
And that's only malware in the building.
Brought to you by N2K Cyberwire.
In a digital world where malware lurks in the shadows,
we bring you the stories and strategies to stay one step ahead of the game.
As your trusted digital sleuth,
we're unraveling the mysteries of cybersecurity,
always keeping the bad guys one step behind.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you ahead
in the ever-evolving world of cybersecurity.
If you like the show, please share a rating and review in your favorite podcast app.
This episode was produced by Liz Stokes, mixing and sound design by Trey Hester, with original music by Elliot Peltzman.
Our executive producer is Jennifer Ibin.
Peter Kilby is our publisher.
