Cybersecurity threats in the transportation and shipping sectors are on the rise.
Advanced persistent threat (APT) detections targeting the U.S. in Q1 2025 were 2.4 times or 136% higher than the level seen in Q4 2024, according to a recent report by AI-powered cybersecurity firm Trellix. The CyberThreat Report: April 2025 shows that among those APTs, the telecommunications was the top targeted sector, receiving 47% of all detections, followed by transportation and shipping at 36%.
Transportation and shipping generated the most detections in Q4 2024 and the second most detections in Q1 2025, and detected threats to transportation and shipping rose 11% in Q1 2025.
Trellix Security Researcher Ernesto Fernandez Provecho said trucking companies are included in the transportation and shipping sector, and cyber threats are prevalent and impactful in the trucking industry with real-world examples including ransomware attacks that have crippled the operational and IT systems of trucking companies, leading to significant delays, financial losses and the compromise of sensitive data. In addition, he said attacks on third-party providers have forced fleets to revert to manual processes, and cyberattacks impacting interconnected parts of the supply chain have directly impeded the movement of goods by truck.
“These kinds of attacks primarily occur because attackers seek financial gain. Another key goal is data theft, as trucking firms handle valuable information about shipments, customers and employees that can be sold or used for further malicious activities,” Provecho said. “Additionally, some attacks may be motivated by a desire to cause economic disruption or target critical infrastructure.”
Artie Crawford, director of cybersecurity at the National Motor Freight Traffic Association, said the transportation sector's vast attack surface makes it a prime target for sophisticated cybercriminals.
According to the Trellix report, of the APT activity directed at the U.S., 47% of detections were attributed to China and 35% to Russia-aligned groups. Russia-aligned cyber actors directed most of their activities toward transportation and shipping (55%) and telecommunications (40%).
The report shows that detections targeting the telecommunications sector increased 92% in Q1, and threats targeting the technology sector increased more than 119% from Q4 2024 to Q1 2025.
Provecho said that also impacts the trucking industry.
“Incidents in the telecom and tech sectors can significantly impact the trucking sector, which relies heavily on their infrastructure for GPS navigation, telematics, communication and logistics,” he said. “Disruptions or compromises in these areas can lead to operational delays, inefficient routing, inability to track shipments and overall supply chain disruptions.”
In addition to the Trellix report, Interisle’s 2024 Cybercrime Supply Chain report shows that cybercriminals are increasingly targeting the logistics sector, exploiting unsecured communication channels to intercept sensitive information.
According to the report, cybercrime incidents surged by 54% year-over-year, with over 16 million events recorded. Notably, the use of bulk-registered domains in attacks more than doubled, and subdomain abuse increased by 114%.
These statistics highlight a critical vulnerability: every unencrypted message between dispatchers, drivers and vendors is a potential entry point for cyberattacks.
Crawford said strengthening cybersecurity best practices is the first step in securing organizations against these ever-evolving threats. The NMFTA developed its Roadmap to Resilience Guidebooks to help fleets strengthen defenses.
“Cyberattacks are rising, and the transportation sector is increasingly targeted by both cybercriminals and nation-state actors,” he said. “Emerging technologies like AI and voice are expanding the threat landscape.”
