
Written by Ben Wilkens, director of cybersecurity, NMFTA
Working in cybersecurity, you are probably well aware of the playbook that ransomware operators use: stolen credentials, established persistence, network recon, pivoting to a high-value target, cash out. Those tactics are well documented; we have attack frameworks and well-documented kill chains for their tactics. What you may not have been exposed to is that same playbook being used to steal freight.
Full truckloads of goods are re-routed, disappearing from the legitimate logistics ecosystem and reappearing on the black market. Bottled water, eggs, crab legs, energy drinks, Legos, shoes, prescription drugs, pistachios, you name it, it’s been stolen by organized criminals taking the ransomware playbook and applying it to the transportation industry for different purposes.
In 2025, Verisk CargoNet reported roughly $725 million in cargo crime losses across North America. The FBI Internet Crime Complaint Center (IC3) reported roughly $21 billion in cybercrime losses for the same period. While those two numbers are each staggering in their own right, they only represent reported losses.
Too often stolen freight and cyberattacks both go unreported, especially when suffered by private companies at the smaller end of the size spectrum. Those two numbers are also increasingly part of the same conversation.
The cargo losses we’re seeing in the transportation sector aren’t the result of movie-style hijackings by armed marauders. They’re the result of a successful phishing email that leads to a fraudulent pickup of a load of prescription drugs by a truck destined for a criminal warehouse. Industry estimates indicate that almost all cargo crime in the United States now involves a cyber-enabled component.
For a security team that is used to thinking of stolen goods and cargo crime as a physical security issue, this issue is forcing a paradigm shift. These threat actors are sophisticated. Many of them are in fact international organized crime groups operating from outside the United States.
Their tactics are immediately recognizable to anyone who has been involved in incident response related to traditional cybercrime.
A Familiar Kill Chain
A walk-through of a typical cyber-enabled cargo crime starts the same way as many other cybercrimes: reconnaissance. Public sources such as United States Department of Transportation (USDOT) numbers, Federal Motor Carrier Safety Administration (FMCSA) registry records, motor carrier (MC) numbers, insurance details and employees are all researched.
Phishing emails go out to members of the operation’s staff in dispatch, or in customer service or accounting; those with access to sensitive information. Credentials are stolen, and email compromise results. Sounds familiar so far.
This is where the two playbooks diverge. This is where the attack migrates from the cybersecurity world into the operations domain. Instead of using the compromised credentials to pivot into a corporate system and drop a ransomware payload, the attacker uses a compromised email account to listen in on shipment notifications, new load tenders, and bills of lading for shipments underway.
They will then inject themselves into these communications, from this trusted email account, and make subtle changes. A pallet count here, a destination there, sending falsified information to alter a planned route and redirect a legitimate load of freight to a different delivery location; one they control.
Alternatively, they may register a new, fraudulent carrier with the FMCSA using stolen but valid identity details from a legitimate fleet. The attacker then books real loads from real load boards under that false identity. These loads are often picked up by professional truck drivers who do not know that they are being used as pawns in this crime; they think they’re hauling freight for legitimate companies.
Once the load is delivered to the criminal warehouse, it’s immediately broken down into other shipments or cross-docked to another truck under more falsified paperwork and laundered right back into the supply chain. Many of the consumables stolen this way will be sold within hours and consumed within days due to shelf life limits, making the process of investigating these crimes and recovering freight an uphill battle at best.
By the time the legitimate shipper, broker, or motor carrier figures out what happened, their freight is gone, the fraudulent carrier has disappeared, and they’re left holding the bag for what can amount to catastrophic financial liability; a single tractor trailer loaded with prescription drugs can carry a price tag in the millions. A single load of pistachios? Hundreds of thousands of dollars. These aren’t losses that the average small to midsized fleet is equipped to sustain.
Join your peers for the NMFTA 2026 Cybersecurity Conference to learn about real-world threat intelligence, research, and practical strategies focused on securing connected freight systems, stopping cyber-enabled cargo crime, and strengthening transportation security across the supply chain.
An Industry-Wide Problem
The defensive playbook here isn’t one that is unfamiliar to most cybersecurity professionals. Phishing-resistant multi-factor authentication, out-of-band verification before any critical changes to banking information, routing details or shipping documents. Strong vendor management processes, email security. None of this is novel. Why then is this problem so widespread? Unfortunately, many of these controls are under-deployed in the transportation industry, particularly among the small and midsized fleets that move a large proportion of the freight in this country.
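One way to enforce the out-of-band verification control described above, as an added example (not NMFTA's code and not part of the original article): an emailed change to a sensitive field of a load is held until someone confirms it by calling the number already on file. The field names, record layout and sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Fields that must not change on the strength of an email alone (assumed names).
SENSITIVE_FIELDS = ("delivery_address", "pallet_count", "carrier_mc", "bank_account")

@dataclass(frozen=True)
class Decision:
    action: str      # "apply" or "hold"
    changed: tuple   # sensitive fields that differ from the record on file
    callback: str    # number to call, always taken from the record on file

def _norm(value):
    # Ignore case and spacing so cosmetic edits neither raise nor hide a difference.
    return " ".join(str(value).split()).casefold()

def review_update(on_file, update, verified_out_of_band=False):
    """Decide whether an emailed change to an in-transit load may be applied."""
    changed = tuple(
        field for field in SENSITIVE_FIELDS
        if field in update and _norm(update[field]) != _norm(on_file.get(field, ""))
    )
    # Never trust contact details carried in the update itself: a compromised
    # mailbox would supply the attacker's own number for the "confirmation".
    callback = on_file["contact_phone"]
    if changed and not verified_out_of_band:
        return Decision("hold", changed, callback)
    return Decision("apply", changed, callback)

# Constructed sample data (hypothetical load record and inbound email update).
LOAD_ON_FILE = {
    "load_id": "LD-0001",
    "delivery_address": "100 Example Way, Springfield",
    "pallet_count": 22,
    "carrier_mc": "MC-000000",
    "contact_phone": "+1-555-0100",
}
REROUTE_EMAIL = {
    "delivery_address": "9 Sample Rd, Shelbyville",
    "pallet_count": "22",
    "contact_phone": "+1-555-0199",
}

if __name__ == "__main__":
    print(review_update(LOAD_ON_FILE, REROUTE_EMAIL))
    print(review_update(LOAD_ON_FILE, REROUTE_EMAIL, verified_out_of_band=True))
```

The hold decision returns the callback number from the stored record, so the confirmation call cannot be steered by whoever controls the mailbox that sent the change.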
A trucking company with only a hundred or two trucks generates as much cyber risk as a much larger professional services firm, but they typically operate on very thin margins and a fraction of the security budget that is found in many other industries. Many of these fleets simply don’t have the headcount or the budget to roll out a sophisticated cybersecurity program. Integrations are put in place for speed and efficiency, and vendors offer new tools that promise operational gains but, when not implemented in a secure environment, leave gaps that the threat actors exploit.
This is why these numbers are where they are today. The attackers have figured out that the transportation sector represents a soft target with high-value, low-risk, perishable and easy-to-launder payouts. They’ve figured out that the legal and regulatory consequences of stealing cargo are much less severe than attacking the financial sector or a hospital.
They’ve figured out that many fleets don’t report attacks because the reputational damage of being known as “one of those fleets that lost freight” feels like more of an impact than absorbing significant losses in silence.
The result? The same schemes work week after week against fleet after fleet.
Where the Industry is Making Gains
Last year, the National Motor Freight Traffic Association (NMFTA) published a Cybersecurity Cargo Crime Reduction Framework that specifically mapped cybersecurity controls to the cargo crime threat vectors that they can address.
This guidebook is built around six categories that will be familiar to any threat analyst: organized crime, insider threats and collusion, social engineering and deception, identity theft and fraud, and technical exploitation. The framework is free to download. So is NMFTA’s Roadmap to Resilience series of guidebooks for fleets ranging from individual owner operators to midsized fleets.
These guides adapt traditional cybersecurity standards like NIST CSF, CIS Controls, etc. for an audience that lacks cybersecurity expertise and resources, providing clear, digestible guidance on how to secure a transportation operation.
NMFTA also oversees and manages the Freight Fraud Prevention Hub, a central resource where motor carriers, third-party logistics providers (3PLs), brokers, shippers, and professional truck drivers can find educational materials, resources, and guidebooks on how to prevent freight fraud and cyber-enabled cargo crime.
For security practitioners who operate outside of the transportation sector, there is an invitation worth considering. A critical infrastructure vertical needs your skills. Join your peers from the transportation sector at the NMFTA 2026 Cybersecurity Conference, September 29-October 2 in Long Beach, CA. This is the only event in North America dedicated to cybersecurity in the transportation sector. With both executive and technical content and even hands-on experience and tabletop exercises, and topics ranging from cyber-enabled cargo crime to heavy vehicle OT security, there’s no other conference like this.
If you are looking for a place to put on your cybersecurity super-hero cape and take up a worthy cause, fighting cyber-enabled cargo crime in the transportation sector may just be where you belong!
Learn more at nmftacyber.com.
Sponsored and written by NMFTA.



