January 2026

NMFTA Cyber Intelligence Newsletter

The National Motor Freight Traffic Association, Inc.® (NMFTA) has designed this monthly e-newsletter to arm you with intelligence, tools, and defense tactics. Each month we cover enterprise system and rolling asset security, trending reports, and more.

2026 Is Here—Meet the Cybersecurity Trends Shaping Transportation

Cybersecurity threats no longer stop at the carrier’s door; they now extend across the entire transportation ecosystem. That’s why NMFTA’s annual Trucking Cybersecurity Trends Report has evolved into the 2026 Transportation Industry Cybersecurity Trends Report. This expanded edition reflects a critical reality: every stakeholder who touches freight movement—carriers, shippers, brokers, 3PLs, logistics platforms, and technology providers—is now part of the attack surface.

This year’s report provides a first look at the risks, tactics, and threat shifts that will define 2026. From AI-driven fraud schemes to the blending of physical and digital compromise, the findings are designed to help both executives and practitioners strengthen resilience before threats escalate.

Download the 2026 report and get the insights you need to stay ahead of this year’s cyber and freight-fraud landscape.

Join NMFTA's Ben Wilkens Live on the Dave Nemo Radio Show

January 12, 2026 | 9:30-10:00 am ET

On Monday, January 12, 2026, at 9:30 am ET, NMFTA's Ben Wilkens will dive into the 2026 trends report with emphasis on the people side of the trends, particularly how critical social engineering awareness is.

Credential Harvesting: A Symptom of a Shaky Cybersecurity Foundation

Credential harvesting is one of the most common—and costly—threats facing businesses today, and it often reveals deeper gaps in an organization’s cybersecurity foundation. This article breaks down what credential harvesting looks like in practice and how strengthening your fundamentals can help prevent attackers from gaining a foothold.

Bendix EC80 Recall: Safety and Security Implications

Bendix has issued a recall on EC80 electronic control units that can impact critical safety systems like ABS, traction control, and vehicle stability. Read this breakdown of the safety and security implications of the recall and what operators should know to keep their fleets safe.

Your Monthly Webinars Delivered

Get Your Questions Answered in Real-Time

January 22, 2026 | 1:00-2:00 pm ET

Join the NMFTA cybersecurity team for a live, interactive webinar, on January 22, 2026 at 1:00 pm ET, where we’ll break down the key findings from the 2026 Transportation Industry Cybersecurity Trends Report, answer your questions in real time, and translate emerging threat data into practical insights you can apply across fleets, operations, and supply chains.

This webinar will fill up fast, so don't wait to secure your spot!

See What's on the Horizon for this Year's Conference

Cybersecurity Conference Call for Abstracts Is Now Open

The call for abstracts is now open for the NMFTA 2026 Cybersecurity Conference, dedicated to exploring the crucial intersection of cybersecurity and the trucking industry. This is an excellent opportunity to share your insights, research, and innovations with a diverse audience keen on enhancing cybersecurity practices within the trucking industry.

Submissions must be received by the deadline: Saturday, February 28, 2026.

Interested in Attending This Year?

Enter your email below to join the 2026 #NMFTACyber Conference mailing list to get early access to news on registration, speakers, sessions, cyber insights, and more.


Watch the Moments You Missed from the 2025 Cybersecurity Conference

In This Month's Report...

Table of Contents

Cyberthreat Analysis

Threat Spotlight: Storm-0249 Moves from Mass Phishing to Precision EDR Exploitation

ReliaQuest has observed “Storm-0249,” a seasoned initial access broker (IAB), adopting a more targeted and sophisticated approach to enabling ransomware attacks.

Once reliant on mass phishing, this financially motivated threat actor’s playbook now incorporates legitimate signed files associated with common endpoint detection and response (EDR) tools, including SentinelOne's SentinelAgentWorker.exe, and techniques like Dynamic Link Library (DLL) sideloading, fileless execution, and domain spoofing. These methods allow them to attempt to bypass defenses, infiltrate networks, maintain persistence, and operate undetected, raising serious concerns for security teams. ReliaQuest has worked with SentinelOne to finalize this analysis.

Operating within the ransomware-as-a-service (RaaS) ecosystem, Storm-0249 specializes in stealth and persistence. By selling pre-built access to ransomware affiliates, the group accelerates the time-to-impact of attacks and lowers the technical barrier for operators, making them a critical enabler of ransomware campaigns.


ConsentFix: Browser-Native ClickFix Hijacks OAuth Grants

The Push browser agent recently detected and blocked a new attack technique seen targeting several Push customers. 

This is a new kind of browser-based attack technique that takes over user accounts with a simple copy and paste. If you’re already logged into the app in your browser, you don’t even need to supply creds, or pass a multi-factor authentication (MFA) check—meaning it effectively circumvents phishing-resistant auth like passkeys too.

This is so different from the adversary-in-the-middle (AiTM) phish kits we usually come up against that we felt it deserved a new name. 

Enter: ConsentFix. This attack shares a lot of similarities with ClickFix/FileFix, AiTM phishing, and OAuth Consent Phishing. You can think of this as a browser-native ClickFix attack that phishes an OAuth token on a target app by getting the victim to copy and paste a URL containing OAuth key material into a phishing page. 

The campaign we detected looks to be specifically targeting Microsoft accounts by abusing the Azure CLI OAuth app. Essentially, the attacker tricks the victim into logging into Azure CLI, by generating an OAuth authorization code—visible in a localhost URL—and then pasting that URL (including the code) into an attacker-controlled page. This then creates an OAuth connection between the victim’s Microsoft account and the attacker’s Azure CLI instance.


Driving into the Unknown: Investigating and Addressing Security Breaches in Vehicle Infotainment Systems | MDPI

The rise of connected and automated vehicles has transformed in-vehicle infotainment (IVI) systems into critical gateways linking user interfaces, vehicular networks, and cloud-based fleet services. A concerning architectural reality is that hardcoded credentials like access point names (APNs) in IVI firmware create a cross-layer attack surface where local exposure can escalate into entire vehicle fleets being remotely compromised.

To address this risk, MDPI proposed a cross-layer security framework that integrates firmware extraction, symbolic execution, and targeted fuzzing to reconstruct authentic IVI-to-backend interactions and uncover high-impact web vulnerabilities such as server-side request forgery (SSRF) and broken access control. Applied across seven diverse automotive systems, including major original equipment manufacturers (OEMs) (Mercedes-Benz, Tesla, SAIC, FAW-VW, Denza), Tier-1 supplier Bosch, and advanced driver assistance systems (ADAS) vendor Minieye, the approach exposes systemic anti-patterns and demonstrates a fully realized exploit that enables remote control of approximately six million Mercedes-Benz vehicles.

All 23 discovered vulnerabilities, including seven CVEs, were patched within one month. In closed automotive ecosystems, the authors argue that the true measure of efficacy lies not in maximizing code coverage but in discovering actionable, fleet-wide attack paths, which is precisely what MDPI's approach delivers.

Industry News

Heavy Duty Trucking

Phishing Emails and Missing Trailers Are Part of the Same Fleet Security Problems

Read as NMFTA's Ben Wilkens shares in our monthly Heavy Duty Trucking article why phishing emails and missing trailers may seem unrelated—but they’re part of the same growing fleet security challenge. Learn how cyberthreats and physical theft intersect, and why fleets need a more connected approach to protecting their operations.

Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure

This new CISA advisory highlights active cyberthreats that transportation organizations should take seriously—and act on now. Understand the risks, recommended mitigations, and what steps you can take to strengthen your defenses before attackers strike.

Commercial Carrier Journal

Cybersecurity is a Team Sport: Reflections on the Past 12 Months

The transportation industry’s cyber risk landscape is shifting fast, and the latest NMFTA trends report highlights what leaders need to know heading into 2026. Read the breakdown of key findings from NMFTA’s 2026 Transportation Industry Cybersecurity Trends Report, which offers insight into emerging threats and how to respond.

6 Predictions for the AI Economy: 2026's New Rules of Cybersecurity 

As cyberthreats continue to evolve, so do the strategies attackers use to exploit them. Palo Alto Networks lays out key 2026 cyber predictions—giving you early insight into what to watch for and how to stay ahead.

Wilkens: How Cybersecurity Defense is Changing for Fleets and Transportation

Cybersecurity defense in transportation is changing fast, and fleets need to evolve their approach to stay ahead of threats, urges NMFTA's Ben Wilkens in NMFTA's monthly FleetOwner article. Learn how strategies are shifting—from reactive fixes to proactive planning—and what it means for your operations.

#NMFTACyber On Demand

The Freight Coach

Cybercrime in Trucking Is Evolving—What 2026 Means for All Parties!

As trucking becomes more digital, cybercriminals are getting smarter. In a recent episode, NMFTA's Artie Crawford and The Freight Coach Podcast's Chris Jolly break down the biggest 2026 trucking cyber trends, including freight fraud, AI-driven identity theft, TMS vulnerabilities, and load board scams. Listen now and learn how to strengthen your strategy.

Cybersecurity & Cargo Crime: Reducing Risk for Carriers | NMFTA's Ben Wilkens

Don’t miss this discussion as NMFTA cybersecurity expert Ben Wilkens joins on-air personalities Dave Nemo and Jimmy Mac to explore real-world cargo crime risks and proactive strategies to protect your fleet. Watch now and learn how to strengthen your defenses against evolving threats.


Refer a Colleague

Would you like others at your company to be added to the NMFTA Headline Newsletter email distribution list? Send them this link or fill out the form for them on their behalf below!