Largest Transportation and Logistics Cyberattacks of 2023

Transportation and logistics is one of the industries most poised to benefit from expanding Internet of Things (IoT) usage. For decades, companies in this space – third-party logistics (3PL) providers, freight trains, container shippers, and more – have sought a way to reliably track and trace the flow of goods from point to point. Passenger transportation companies have also sought to improve route planning and monitor weather patterns to make more accurate decisions about transit times and communication.

Transportation and logistics companies are the originals when it comes to distributed technology architecture. Cars, trucks, buses, ships, trains, and airplanes all have onboard computers to monitor performance and operate the vehicle. Once the device rolls off the factory floor, it functions with its original function and security unless brought somewhere to update technology.

IoT has changed that. Commercial and consumer vehicles alike can now be tracked, monitored, and even (potentially) updated in real-time with IoT systems embedded into the machinery. Fleet management is perhaps the most significant use case for connected devices today. Knowing the exact location of a vehicle is vital for logistics providers in today’s world of just-in-time deliveries and stretched supply chains.

This power of IoT to provide real-time visibility into all sorts of details for transportation and logistics companies comes with corresponding worries about security. As we’ve written extensively before, IoT devices often make easy targets for cybercriminals. Transportation and logistics companies fulfill such critical functions in modern society, including passenger transit and last-mile logistics, that they need to pay close attention to security as they adopt IoT devices more broadly.

The Biggest IoT Risks for Transportation and Logistics

Transportation and logistics companies face several key risks from their growing usage of IoT devices. To start with, IoT devices are difficult to monitor at the best of times. With vehicles constantly on the move and unreliable internet throughout much of the world, monitoring IoT devices embedded into vehicles becomes even more difficult. The industry expects to counter this with 5G and low-latency cellular networks that allow devices to communicate back to a central hub outside of WiFi range. 

IoT devices are also often insecure. They come with default passwords that are easy to guess and difficult to change before connecting to the internet. Their firmware is often built with speed to market instead of security at the forefront. Further, the reality that IoT devices lack agreed-upon security standards means that device manufacturers have no real best practices to adhere to. This creates what amounts to thousands of potentially insecure devices out in the real world. Even without the basic lack of security in IoT devices, however, cybercriminals still find the transportation sector a target-rich environment.

Cybercriminals Target the Transportation and Logistics Industry

Attacks against transportation and logistics companies can be especially damaging to global trade and the modern business ecosystem. You don’t need to look any further than the 2017 NotPetya attack that brought container shipping vendor Maersk’s operations to a halt. Maersk is the single largest global oceangoing shipping company, with responsibility for 76 ports globally, 800 shipping vessels, and one-fifth of global trade. 

All told, the destruction NotPetya wrought resulted in a loss of $300 million on Maersk’s balance sheet. Every single domain controller except for one – knocked offline in Ghana because of a power outage – was corrupted by the time NotPetya finished. It was because of that power outage in Ghana – that preserved a pristine copy of Maersk’s global system architecture – that Maersk’s recovery wasn’t days or weeks longer than it was. 

Companies like Maersk are integral to operations for every single other business around the world. They also often have antiquated systems as a result of these relationships; there’s no guarantee that every country will have the same level of infrastructure. In the Maersk breach, Ghana’s unreliable infrastructure both saved the day and made it incredibly challenging to restore the global system from the lone surviving data image. 

Some other recent attacks include:

• In June 2023, the personal information of around 8,000 pilots who applied for jobs at American Airlines and Southwest Airlines was stolen from Pilot Credentials, a recruiting company used by the airlines. Both airlines moved applicant information to internal systems following the attack. 
• KNP Logistics blamed a ransomware attack for the company entering administration, with 730 employees losing their jobs. The UK haulage firm was one of the largest independent operators in the country, but unfortunately, the ransomware attack caused them to struggle to find additional investment and funding. 
• Expeditors International of Washington, Inc., shut down most of its operating and accounting systems in February 2022 in the wake of a successful cyber attack. Although they sought to protect data and infrastructure, they unfortunately limited their ability to ship freight, manage customs processing, and distribute customers’ products. The outage went on for three weeks and led to a class action lawsuit from customers such as iRobot and others.

These attacks may not have happened due to IoT devices, but that doesn’t excuse the need for transportation and logistics vendors to secure their connected infrastructure. As more vehicles come with internet-accessible onboard computers and autonomous vehicles move closer to a broad reality, securing the Internet of Things devices embedded in cars, trucks, trains, and more is incredibly important. 

How Asimily Helps Defend Transportation & Logistics Companies

As transportation and logistics companies adopt more smart technologies and IoT devices, it becomes more and more vital to have solutions in place to defend these assets. Asimily’s IoT security platform is designed to assist with securing distributed IoT architectures. For example, being able to determine if an IoT device is sending unencrypted traffic where it shouldn’t be can be a powerful way to defend  If cybersecurity teams notice that a water sensor is transmitting data somewhere it shouldn’t be, for example, that’s vital information to track a potential breach. 

Transportation & logistics companies can also use Asimily’s risk simulation to assess options for mitigating the risk from a given vulnerability. Simulating a fix before work starts can help you determine criticality and whether the weakness is even of interest to attackers. That’s critical information when you’re deciding how to improve your security posture. 

Asimily customers can easily identify high-risk vulnerabilities with a proprietary, patented algorithm that cross-references data from resources like EPSS (Exploit Prediction Scoring System), Software Bills of Material (SBOMs), Common Vulnerability and Exposure (CVE) lists, the MITRE ATT&CK Framework, and NIST Guidelines. It understands your unique environment, so our deep contextual recommendation engine can provide actionable remediation steps in real-time.

Asimily customers are 10x more efficient because they use Asimily to pinpoint and prioritize the top 2% of problem devices that are High-Risk (High Likelihood of exploitation and High Impact if compromised). Unlike many offerings that don’t take into account the effort needed to handle identified issues, Asimily’s recommendations are as easy to perform as possible, including shutting down an unnecessary service and network enforcement solutions.

To learn more about Asimily, download our IoT Device Security in 2024: The High Cost of Doing Nothing whitepaper or contact us today.