A new cyberattack has been launched that has been affecting companies across the supply chain, distribution, and manufacturing industries.
Recently, attackers have begun targeting ERP systems to reroute trucks, steal loads, manipulate orders, and compromise logistics workflows. These incidents often start outside the ERP application itself—most commonly through compromised user workstations or email accounts.
Even if your ERP system is cloud-hosted or running on a provider that delivers enterprise-grade security—firewalls, encryption, intrusion detection, and 24/7 monitoring—there is a critical point to understand:
Your ERP is only as secure as the devices and identities accessing it.
Attackers have learned that it is often far easier to compromise a user's workstation or email account than it is to break into the secured ERP platform. Once they gain access to an employee's email inbox, browser session, or stored credentials, they can:
- Imitate authorized users
- Approve or modify shipping instructions
- Redirect trucks or pickups
- Change vendor or customer payment information
- Interfere with purchase orders and release processes
- Gain access to ERP through stolen passwords or MFA prompts
In many documented cases, the ERP platform itself was never breached—the criminal gained access using legitimate credentials obtained from an infected workstation, phishing email, or credential-harvesting techniques.
Real-World Example
In a recent case at a mid-sized distributor, attackers compromised an employee's email account through a phishing link. They monitored communications for two weeks, then sent realistic instructions to reroute a high-value shipment. The load was redirected to a fraudulent location, resulting in over $200,000 in losses—all without ever touching the ERP system directly.
Why Protecting Local Workstations and Email Accounts is Essential
Even with a fully secured ERP hosting environment, attackers can still cause major operational and financial damage through:
- Phishing attacks and email compromise - A single clicked link can allow attackers into an employee's account, where they can impersonate staff, request changes to shipments, or alter routing details.
- Keylogging and credential theft - Malware installed on a workstation can capture login credentials—even if your ERP has strong security protections.
- Session hijacking - Attackers can take over an active ERP session if the workstation is compromised.
- Social engineering using stolen email content - Once inside an inbox, criminals study communication patterns to send realistic "urgent" requests to reroute loads or update banking information.
What We Recommend
To strengthen your overall security posture, we recommend the following immediate steps:
- Multi-factor authentication (MFA) on email, workstations, and all ERP logins
- Endpoint protection such as advanced antivirus, EDR, or managed detection systems
- Security awareness training for employees to identify phishing attempts
- Email filtering and threat scanning to block malicious attachments and links
- Limiting administrative privileges on local workstations
- Monitoring for suspicious login activity including unusual login times or locations
We're Here to Help
If you would like assistance evaluating your security posture or implementing additional safeguards around your ERP environment, please contact us to schedule a complimentary cyber security assessment.
We can help you deploy these protective measures or review your current setup to identify vulnerabilities. We recommend conducting a comprehensive security review within the next 30 days to ensure your systems are protected against these evolving threats.
The most effective strategy is a combination of secured hosting and secured endpoints, working together. Protecting your business from evolving cyber threats is a responsibility we share, and we're committed to helping you stay safe. If you have questions or ready to schedule a review, please reach out to us at: cybersecurity@clientsfirst-us.com
