Proactive measures and advanced technologies are key to mitigating emerging cybersecurity threats that besiege trucking companies, says a report from the National Motor Freight Traffic Association (NMFTA).
According to Trucknews.com the firm’s 2024 Trucking Cybersecurity Trends Report states that cybersecurity professionals and organizations must remain vigilant and adaptable in the face of challenges, as new threats emerge while existing ones evolve.
Hackers frequently use phishing scams to gain access to a carrier’s enterprise system. Once they can access the system, they use that access to launch ransomware attacks. Phishing attacks generally take the form of deceptive communications that trick people into clicking links or opening attachments.
Trucking companies’ best preparation for, and defense against, these attacks is to train their people on how to spot a phishing attack, the NMFTA says. Often phishing e-mails come from lookalike URLs, or from e-mails that pretend to be from known contacts.
The report warns that threats directly aimed at trucks must not be overlooked. As technology continues to evolve in the cab and everywhere around the truck, so does the potential for those elements to be compromised.
Cybersecurity professionals also warn carriers to keep an eye on their API (application programming interface) security. APIs enable two software components to communicate with each other.
Areas of concern include: the vulnerability of old, deprecated APIs known as zombie APIs.; denial-of-service attacks that can overwhelm a website, server, or network; APIs that make it too easy for hackers to bypass authentication requirements; accidental leakage of sensitive data, or exposure of stolen data; and undocumented back-door APIs known as shadow APIs.
In the report, Seattle-based WatchGuard says it expects to see threat actors begin experimenting with AI (artificial intelligence) attack tools and to sell them on the underground.
Another strong risk is an increase in QR code attacks. The convenience of QR codes is training people to unthinkingly do the very thing that cybersecurity professionals say they should never do, which is to click on random links without knowing where they go.
Full article here.