While the trucking industry, like most others, is working to discover how artificial intelligence can best be used in operations, cyber criminals are already using AI to expand attacks.
Though AI isn’t new, the launch of large language model ChatGPT urged the adoption of AI at a greater scale, and hackers are using their own versions, like WormGPT and FraudGPT. AI is enabling greater efficiencies across all sectors of the economy: good and bad.
AI-enhanced automation is challenging traditional cybersecurity defenses, according to Netscout Systems, which recently released its latest research that details the evolving Distributed Denial-of-Service (DDoS) attack landscape. In the first half of 2025, Netscout monitored at a global level more than 8 million DDoS attacks, which crashes a system by using a network of private computers infected with malicious software (a.k.a. botnets) to overwhelm it with illegitimate traffic.
McLeod Software CIO Ben Barnes said attackers are using advanced technologies, including AI, to discover new vulnerabilities faster.
“Cybercriminals continuously adapt their tactics as technology evolves,” Barnes said. “Traditional defenses such as firewalls, antivirus software, and intrusion detection systems were designed for a different era and are no longer enough on their own.”
These traditional defenses aimed to protect traditional infrastructure, which is why many trucking companies are moving from on-prem to the cloud. Conan Sandberg, global transportation and logistics information security officer at Trimble, said it is noteworthy that public cloud services like AWS, Azure and GCP can offer strong protection against DDoS attacks, making them a strategic advantage in hosting technology.
[RELATED: The future of TMS is the cloud]
Trimble itself uses a multi-cloud approach.
“Like the foundation of your house, our multi-cloud foundation provides support 24/7, always working behind-the-scenes to enable value props like ransomware protection, near-100% uptime, etc,” Sandberg said. “To the customer, the multi-cloud foundation works ‘invisibly’ to ensure that TTC (Trimble Transportation Cloud) and its connected capabilities are always on.”
Barnes and Sandberg both commented that modern defense strategies must include zero-trust architecture. Additional approaches involve solutions that consolidate data for real-time detection, behavioral analytics, and automated responses, Sandberg added. Barnes agreed that real-time threat intelligence is key.
“These approaches create multiple layers of security and assume that threats can come from both inside and outside the network,” Barnes said.
Sandberg said the trucking industry has seen a substantial increase in DDoS cyber incidents, and such attacks could severely disrupt the supply chain by incapacitating essential logistics systems, leading to lost visibility, safety risks, and data tampering.
“The trucking industry is a prime target for cyberattacks due to its critical role in the supply chain and increasing technological reliance, making it vulnerable to disruptions that can cause significant financial and reputational damage,” he said. “Attacks can cripple logistics, compromise data, and have widespread impacts across the entire supply chain.”
According to the Netscout report, the cybersecurity platform observed a massive global attack volume with more than 50 attacks greater than a terabit-per-second (TBPS) and multiple gigapacket-per-second (Gpps) attacks in the first half of 2025, including a 1.5 Gpps attack in the U.S.
"A lot of these attacks are targeting outdated infrastructure or unpatched systems, putting our industry, especially smaller companies, at serious risk,” said National Motor Freight Traffic Association COO Joe Ohr. “As we all know, many in trucking still rely on legacy systems that haven’t kept pace with modern threats.”
Barnes said McLeod takes a layered and proactive approach to mitigating DDoS threats.
Its distributed network infrastructure helps absorb sudden surges in traffic, he said. McLeod also employs rate limiting, network traffic filtering, access control lists, and real-time traffic analysis to detect and neutralize threats. In addition, Barnes said McLeod leverages Cloudflare's Autonomous DDoS Protection Edge, which automatically detects and mitigates attacks at the edge of the network before they reach core systems to ensure resilience and continuity.
AI also impacts how McLeod approaches cybersecurity.
“At McLeod, we've embraced an AI-driven security architecture, where machine learning is integrated throughout the security stack rather than treated as a standalone tool,” he said.
This includes continuous authentication to validate users in real time, adaptive access controls that adjust permissions dynamically based on behavior and risk, and real-time risk scoring to detect and respond to anomalies faster.
“We've also embedded AI into our incident response planning. Traditionally, once an alert was raised, human analysts had to take a series of steps, slowing down the response. Now, with AI-driven incident response, potential attacks can be identified and mitigated instantaneously, even if they occur at high-risk times such as a holiday weekend or the middle of the night,” Barnes said. “This speed and automation are critical in today's threat environment, where attackers often time their campaigns to strike when human defenses are weakest.”
Trucking technology vendors like McLeod and Trimble are addressing their own cybersecurity, but it’s important for trucking companies to vet those vendors to ensure that’s the case. At the same time, it’s also important for trucking companies themselves to address their own cybersecurity.
“Let this be a reminder: prioritize the basics,” Ohr said. “Keep your systems – servers, routers, everything – in good working order and fully updated. And if you haven’t started modernizing your infrastructure, now is the time."