{"id":2018,"date":"2024-09-25T15:47:14","date_gmt":"2024-09-25T14:47:14","guid":{"rendered":"https:\/\/aegislens.com\/home\/?p=2018"},"modified":"2024-09-25T15:47:14","modified_gmt":"2024-09-25T14:47:14","slug":"cyberattacks-impacting-transportation-firms-with-lumma-stealer-netsupport-malware-a-comprehensive","status":"publish","type":"post","link":"https:\/\/aegislens.com\/home\/cyberattacks-impacting-transportation-firms-with-lumma-stealer-netsupport-malware-a-comprehensive\/","title":{"rendered":"Cyberattacks Impacting Transportation Firms with Lumma Stealer & NetSupport Malware: A Comprehensive"},"content":{"rendered":"

as six malware families, including a novel info stealer, Lumma, and NetSupport RAT have been identified in relation to this cluster.<\/p>\n

The Email Phishing Campaign<\/h2>\n

The criminals behind these attacks leverage multiple tools and methodologies, resulting in complex and sophisticated attack patterns.<\/p>\n

These attacks often start with a simple email.<\/p>\n

Attackers compromise legitimate email accounts within transportation companies and inject themselves into ongoing email conversations.<\/p>\n

The malicious actors attach a macro-laden document in the chain, which serves as the main infection vector in this campaign.<\/p>\n

Once the recipient opens the document and enables macros, the malware infection process begins (Proofpoint<\/a>).<\/p>\n

Lumma Stealer and NetSupport Malware<\/h2>\n

Lumma, a novel info stealer first seen in relation to this activity cluster, harvests information from the victim\u2019s system, including system hardware, installed software, and running processes.<\/p>\n

This malware then proceeds to steal files from the system, often focusing on documents with certain extensions, like .doc, .docx, .pdf, and .xls.<\/p>\n

After stealing the required information, Lumma exfiltrates the data to a command and control server controlled by the attackers.<\/p>\n

Also in circulation in this campaign is the NetSupport Manager, a legitimate remote administration tool, repurposed as a remote access trojan (RAT).<\/p>\n

With extensive capabilities including screen capturing, file transferring, and remote desktop control, NetSupport provides cybercriminals with complete control over infected systems (NetSupport<\/a>).<\/p>\n

Impact and Previous Attacks<\/h2>\n

The impact of such cyberattacks on transportation companies is immense.<\/p>\n

Besides disruptions in operations, data theft exposes sensitive company information, leading to potentially unbudgeted recovery costs, and reputational damage.<\/p>\n

There have been notable similar attacks in the past, with Maersk suffering a $300 million loss to the notorious NotPetya incident in 2017 (BBC News<\/a>).<\/p>\n

Recommendations<\/h2>\n

Transportation companies must be proactive in their cybersecurity measures.<\/p>\n

Regular training should be done to ensure employees are aware of the threats posed by phishing emails and how to recognize them.<\/p>\n

Companies must keep all their software updated, regularly patch their systems, use strong, unique passwords, and employ multi-factor authentication.<\/p>\n

Next Steps<\/h2>\n

To mitigate future threats, organizations should consider implementing advanced threat protection solutions that can ward off these kinds of blended attacks.<\/p>\n

Early detection is key in mitigating the risks posed by these malicious campaigns.<\/p>\n

Follow-Up Reading:<\/strong><\/p>\n