Interconnected technologies are an increasingly necessary part of the trucking industry’s operations. With this rise in technologies comes an increased risk of cyberattacks.
The two most prominent forms of access for cyberattacks in trucking today are phishing and API vulnerabilities, according to the report “2024 Trucking Cybersecurity Trends” by the National Motor Freight Traffic Association.
Successful cyberattacks present an existential threat to fleets of any size—however, there are best practices to reduce the risk of a successful attack.
The main forms of cyberattacks in trucking
What is at risk in a cyberattack?
Both forms of attack introduce two critical threats to fleets’ operations: data theft and ransomware. When attackers gain access to a system, they can often retrieve data from or insert ransomware.
These threats can damage fleets’ customer relations and outright halt operations.
Data theft
Successful cyberattacks can leak fleets’ sensitive data. Attackers can steal any data, depending only on what system they’ve infiltrated—including payment information, social security numbers, or confidential business data.
Attackers can sell this information in online markets or demand a ransom from the victim on the threat of publishing the data. Attackers can even accept a ransom and then publish the data anyway.
A leak of sensitive data can irreparably harm a fleet’s image by leaving customers and employees vulnerable to identity theft.
Ransomware
Ransomware is a type of malware that encrypts data on a device to demand a ransom. This encryption renders the affected system’s data and applications unusable.
If ransomware gains access to a critical system within a fleet's operation, it can completely disable the system, leaving a fleet unable to function.
For example, in September 2023, Estes Express Lines suffered a ransomware attack. The attack left the company’s truck drivers unable to log their hours of service electronically for multiple weeks.
Once a hacker accesses a vital system for fleet operations, the cybercriminal can steal sensitive data or lock down the system altogether.
The best defense against a cyberattack is to prevent access. The two main ways that attackers gain access to fleets’ systems are through phishing or API vulnerabilities—so it is essential to know how both attacks work and what fleets can do to prevent them.
Phishing
Phishing is a scam in which attackers pretend to be from a reputable or legitimate organization through an email or other messaging system. Nearly anyone with a cellphone or email account has encountered phishing attempts.
The scam aims to trick victims into clicking a suspicious link, opening a dangerous file, leaking sensitive information, or providing money. Employees who click the phishing hyperlink, open a malware file, or provide login credentials can unintentionally allow attackers to access a fleet’s critical systems.
“It is something that is easy for a hacker to deploy at mass,” Joe Ohr, COO at NMFTA told FleetOwner. “They can send an email to millions within minutes and impact small to large truck companies.”
Attackers can send millions of emails quickly but only need one key victim to infiltrate a system. Someone with privileged access to a sensitive database could have only a momentary lapse in judgment for a phishing attack to be successful.
“Phishing also targets the users within the company that are most vulnerable to deception because they are busy with their day-to-day tasks and security may not be at the forefront of their mind,” Cara Walls, director of cybersecurity at NMFTA, told FleetOwner.
The best way to prevent successful phishing attacks is to limit privileged access and ensure personnel know how to identify the scam.
See also: Protect your fleet from cyber risks
During NMFTA’s panel Cyber Security in Trucking Today at Truckload 2024 in Nashville, Adam Abresch, EVP of cyber solutions at Acrisure, recommended dedicated cybersecurity training for employees accessing emails.
“Empower those folks within your organization to know what to be on the lookout for, to know what to click on, what not to click on, the actions to take if they think that there’s something suspicious,” Abresch said. “A lot of people want to do the right thing in cybersecurity, but they don’t necessarily know what that is all the time.”
This can include cybersecurity training modules or phishing campaigns. By simulating phishing attacks, employees can be better trained to identify the scam.
API vulnerability
An API, or application programming interface, is a way that any two programs can communicate.
“APIs form the backbone of modern IT services,” Walls told FleetOwner. “As the trucking industry embraces better and faster technologies (such as cloud, microservices, etc.) that are well suited to volume variability and other industry needs, API security becomes more important.”
APIs are also a significant entryway for attackers to access the involved programs.
“Almost all trucking companies use APIs to exchange data. APIs are how they get and receive data,” Ohr told FleetOwner. “Although you may have the strongest security in the world, you are only as strong as your weakest link, which in many cases is a third-party vendor you connect to via an API.”
See also: NMFTA demonstrates how hackers can disable trucks and trailers
For APIs that connect to third-party vendors, vulnerabilities can be a scary concept; a fleet might have almost no control over how the API works. However, one of the most effective ways to prevent API vulnerabilities is actually directly within fleets’ hands: keeping up with patches.
“A lot of attacks happen through not updated firmware, hardware, OS, and databases,” Ohr said. “It is important to do monthly patching as, when these patches come out, the hackers also become aware of these vulnerabilities if they were not already aware.”
Once a hacker knows about an API vulnerability, they can send millions of malicious network requests across countless machines and systems in hopes of exploiting the vulnerability—wherever it may be found. Fleets of any size can be victims of a cyberattack if they happen to use the wrong API version at the wrong time.
“Patch, patch patch … Please patch your systems,” James Crawford, the Cybersecurity and Infrastructure Security Agency’s cyber security coordinator for the State of Tennessee, said during the NMFTA cybersecurity panel at Truckload 2024. “Don’t push it off to the next day, don’t push it off until three days later because it’s inconvenient. Because, by that time, it’s probably too late."