Cyberattacks Impacting Transportation Firms with Lumma Stealer & NetSupport Malware: A Comprehensive

as six malware families, including a novel info stealer, Lumma, and NetSupport RAT have been identified in relation to this cluster.
The Email Phishing Campaign
The criminals behind these attacks leverage multiple tools and methodologies, resulting in complex and sophisticated attack patterns.
These attacks often start with a simple email.
Attackers compromise legitimate email accounts within transportation companies and inject themselves into ongoing email conversations.
The malicious actors attach a macro-laden document to the chain, which serves as the main infection vector in this campaign.
Once the recipient opens the document and enables macros, the malware infection process begins (Proofpoint).
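As an added illustration (not code from the original article or from Proofpoint), the following Python sketch shows how a mail gateway or analyst script could flag macro-capable Office attachments by content and record whether the message arrived inside an existing thread. The function names, sample addresses and sample file are constructed for this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container

def classify_attachment(data: bytes) -> str:
    """Return 'ooxml-macro', 'ole2-legacy' or 'other', judged by content."""
    if data.startswith(OLE2_MAGIC):
        return "ole2-legacy"  # may carry VBA; hand to a deeper scanner
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = [n.lower() for n in z.namelist()]
        except zipfile.BadZipFile:
            return "other"
        if any(n.endswith("vbaproject.bin") for n in names):
            return "ooxml-macro"  # a VBA project is stored in the package
    return "other"

def triage(raw: bytes) -> list[dict]:
    """Flag macro-capable attachments; note whether the mail is a thread reply."""
    msg = message_from_bytes(raw, policy=policy.default)
    in_thread = bool(msg["In-Reply-To"] or msg["References"])
    findings = []
    for part in msg.iter_attachments():
        verdict = classify_attachment(part.get_payload(decode=True) or b"")
        if verdict != "other":
            findings.append({"file": part.get_filename(), "verdict": verdict,
                             "in_thread": in_thread})
    return findings

def build_sample() -> bytes:
    """Constructed sample: a reply carrying a .docm with a VBA project part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/vbaProject.bin", b"\x00placeholder")
    m = EmailMessage()
    m["From"], m["To"] = "dispatch@example.com", "billing@example.com"
    m["Subject"] = "RE: Load confirmation"
    m["In-Reply-To"] = "<constructed-1@example.com>"
    m.set_content("Updated rate sheet attached.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="octet-stream", filename="rate_sheet.docm")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

A finding with `in_thread` set is worth prioritising, because a macro document arriving as a reply from a known correspondent matches the hijacked-conversation pattern described above.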
Lumma Stealer and NetSupport Malware
Lumma, a novel info stealer first seen in relation to this activity cluster, harvests information from the victim’s system, including system hardware, installed software, and running processes.
This malware then proceeds to steal files from the system, often focusing on documents with certain extensions, like .doc, .docx, .pdf, and .xls.
After stealing the required information, Lumma exfiltrates the data to a command and control server controlled by the attackers.
Also in circulation in this campaign is the NetSupport Manager, a legitimate remote administration tool, repurposed as a remote access trojan (RAT).
With extensive capabilities including screen capturing, file transferring, and remote desktop control, NetSupport provides cybercriminals with complete control over infected systems (NetSupport).
Impact and Previous Attacks
The impact of such cyberattacks on transportation companies is immense.
Besides disrupting operations, data theft exposes sensitive company information, which can lead to unbudgeted recovery costs and reputational damage.
There have been notable similar attacks in the past, with Maersk suffering a $300 million loss in the notorious NotPetya incident in 2017 (BBC News).
Recommendations
Transportation companies must be proactive in their cybersecurity measures.
Employees should receive regular training so that they are aware of the threats posed by phishing emails and know how to recognize them.
Companies must keep all their software updated, regularly patch their systems, use strong, unique passwords, and employ multi-factor authentication.
Next Steps
To mitigate future threats, organizations should consider implementing advanced threat protection solutions that can ward off these kinds of blended attacks.
Early detection is key in mitigating the risks posed by these malicious campaigns.