Threats in Transit: Cyberattacks Disrupting the Transportation Industry

The transportation industry is the lifeblood of the global economy—moving goods, people, and essential services across borders and cities. However, as the world becomes increasingly interconnected, so too does the vulnerability of this critical sector.

Cybercriminals have zeroed in on transportation companies, knowing that even a brief disruption can cause far-reaching economic and logistical consequences. For example, freight shipping provider Estes Express Lines was targeted by a ransomware attack in October 2023 that forced the company to disable its internal IT systems for more than two and a half weeks. The attack also exposed the private data—including names, Social Security numbers, and other personal details—of 21,000 individuals.

Over the past year, attacks on the transportation industry have surged at an alarming rate, with phishing, business email compromise (BEC), and vendor email compromise (VEC) attacks climbing by staggering percentages. In this post, we’ll explore the latest attack trends threatening transportation companies and offer insights on how organizations can better protect themselves.

The transportation industry is a high-value target for cybercriminals due to its critical role in global infrastructure. Interfering with the movement of goods and people can cause widespread economic and logistical chaos. This makes transportation organizations especially attractive to attackers who exploit operational disruptions with ransomware, knowing that downtime can lead to significant losses.

Further, transportation companies rely on complex supply chains involving numerous suppliers, vendors, and partners and multiple points of communication. Attackers can exploit these connections through phishing or BEC to gain unauthorized access to sensitive data or internal systems.

Frequent financial transactions are another reason the industry is appealing. Payments for logistics, freight, and ticketing create plenty of opportunities for invoice fraud or impersonation attacks, where attackers can trick employees into transferring funds to fraudulent accounts.

Additionally, transportation companies handle vast amounts of sensitive data, including customer and employee information as well as trade secrets. Breaching these systems allows cybercriminals to steal and monetize this valuable data.

Finally, many organizations in the industry are undergoing digital transformation, adopting new technologies like IoT devices and automated logistics systems, which expands their attack surface and increases vulnerability.

Phishing remains a go-to tactic for cybercriminals because it’s both relatively easy to deploy and effective in tricking victims into revealing sensitive information or credentials. These attacks are a constant threat across industries, and the transportation sector is no exception.

Between July 2023 and July 2024, phishing attacks on transportation organizations increased by an alarming 175%.

As managers of critical infrastructure, transportation organizations are prime targets for phishing campaigns that seek to obstruct services or steal valuable information. Phishing attacks can also provide threat actors with access to employee credentials, allowing them to compromise systems or launch more targeted attacks, such as ransomware. A successful attack on an organization in this industry can result in impeded operations, delayed shipments, or even compromised safety systems.

Instead of using technical exploits, business email compromise (BEC) attacks leverage social engineering techniques and utilize text-only emails that typically lack obvious signs of compromise like malicious links or attachments. Consequently, BEC attacks frequently bypass traditional security solutions, leaving employees—commonly viewed as the weakest point in an organization’s security—as the last barrier against these threats.

Over the past year, BEC attacks on transportation organizations grew by 133.5%, reflecting the sector's increased vulnerability.

In a typical BEC attack, cybercriminals impersonate a trusted colleague or executive to manipulate victims into transferring funds or sharing sensitive information.

Transportation organizations operate under tight deadlines, which can pressure employees into quickly processing requests without thorough verification. Employees may also work across different locations, increasing the risk of falling victim to BEC due to less face-to-face interaction. Unfortunately, business email compromise can cause devastating losses as well as disruptions to logistics and supply chains.

Vendor email compromise (VEC) is similar to traditional BEC in that it relies on the manipulation of a trusted identity. However, in VEC attacks, the impersonated individual is an external vendor rather than someone within the organization.

Although VEC attacks generally happen less frequently than other forms of email threats due to the effort involved, this tactic is gaining traction among cybercriminals targeting transportation organizations. In fact, VEC attacks increased by 253% between May 2023 and May 2024.

Transportation companies often rely on a complex network of vendors and suppliers, making email communication a critical component of day-to-day operations. Unfortunately, this also creates multiple opportunities for cybercriminals to exploit trusted relationships.

By compromising a vendor’s email, attackers can send fraudulent emails that appear legitimate, allowing them to manipulate financial transactions or access sensitive operational data with little suspicion from the target organization—leading to costly consequences.

As transportation organizations continue to face escalating cyber threats, it is clear that traditional email security measures, like secure email gateways, are no longer sufficient. These legacy solutions often struggle to detect modern email threats, which rely heavily on social engineering tactics and lack traditional indicators of compromise.

To stay ahead of cybercriminals, transportation companies should consider adopting an AI-native, API-based email security solution. These advanced systems analyze email behavior across the entire organization, using machine learning and natural language processing to detect anomalies and block threats before they reach employee inboxes. By leveraging these technologies, transportation organizations can better protect themselves from the evolving threat landscape.

See for yourself how Abnormal AI provides comprehensive email protection against attacks that exploit human behavior. Schedule a demo today.