Largest Transportation and Logistics Cyberattacks of 2025

Transportation and logistics is one of the industries most poised to benefit from expanding Internet of Things (IoT) usage. For decades, companies in this space – third-party logistics (3PL) providers, freight trains, container shippers, and more – have sought a way to reliably track and trace the flow of goods from point to point. Passenger transportation companies have also sought to improve route planning and monitor weather patterns to make more accurate decisions about transit times and communication.
From trucks and trains to ships and aircraft, nearly all vehicles are now fitted with IoT systems that enable live monitoring and remote updates. Fleet management has emerged as a pivotal driver of operational efficiency in today’s just-in-time delivery landscape.
Yet with this connectivity comes an elevated threat landscape. As central components of critical infrastructure, transportation and logistics systems are now high-value targets for threat actors seeking data theft, service disruption, or system compromise. According to IBM X‑Force’s 2025 Threat Intelligence Index, 70% of attacks in 2024 involved critical infrastructure.
This power of IoT to provide real-time visibility into all sorts of details for transportation and logistics companies comes with corresponding worries about security. As we’ve written extensively before, IoT devices often make easy targets for cybercriminals. Transportation and logistics companies fulfill such critical functions in modern society, including passenger transit and last-mile logistics, that they need to pay close attention to security as they adopt IoT devices more broadly.
The Biggest IoT Risks for Transportation and Logistics
Transportation and logistics companies face several key risks from their growing usage of IoT devices. To start with, IoT devices are difficult to monitor at the best of times. With vehicles constantly on the move and unreliable internet throughout much of the world, monitoring IoT devices embedded into vehicles becomes even more difficult. The industry expects to counter this with 5G and low-latency cellular networks that allow devices to communicate back to a central hub outside of WiFi range.
IoT devices are also often insecure. They come with default passwords that are easy to guess and difficult to change before connecting to the internet. Their firmware is often built with speed to market, rather than security, at the forefront. Further, because IoT devices lack agreed-upon security standards, device manufacturers have no real best practices to adhere to. This creates what amounts to thousands of potentially insecure devices out in the real world.
Even setting aside the basic lack of security in IoT devices, however, cybercriminals still find the transportation sector a target-rich environment. According to the FBI 2024 IC3 report, over 4,800 complaints came from organizations in critical infrastructure sectors.
Cybercriminals Target the Transportation and Logistics Industry
Attacks against transportation and logistics companies can be especially damaging to global trade and the modern business ecosystem. You don’t need to look any further than the 2017 NotPetya attack that brought container shipping vendor Maersk’s operations to a halt. Maersk is the single largest global oceangoing shipping company, with responsibility for 76 ports globally, 800 shipping vessels, and one-fifth of global trade.
All told, the destruction NotPetya wrought resulted in a loss of $300 million on Maersk’s balance sheet. Every single domain controller except for one – knocked offline in Ghana because of a power outage – was corrupted by the time NotPetya finished. It was because of that power outage in Ghana, which preserved a pristine copy of Maersk’s global system architecture, that Maersk’s recovery wasn’t days or weeks longer than it was.
Companies like Maersk are integral to operations for every single other business around the world. They also often have antiquated systems as a result of these relationships; there’s no guarantee that every country will have the same level of infrastructure. In the Maersk breach, Ghana’s unreliable infrastructure both saved the day and made it incredibly challenging to restore the global system from the lone surviving data image.
Some other recent attacks include:
- In July 2025, the 158-year-old UK logistics firm Knights of Old (KNP) Logistics Group was forced into collapse following a ransomware attack that began with a single weak password. After gaining access, threat actors encrypted critical data, including backups and disaster recovery systems. The company was unable to meet the ransom demand of £5–6 million and, unfortunately, was forced to cease operations, leaving around 700 employees jobless and disabling approximately 500 trucks.
- In May 2025, Western logistics and technology companies involved in shipping military and humanitarian aid to Ukraine were targeted by Russian state-sponsored threat actors. These actors launched spear-phishing campaigns and exploited vulnerabilities in small office/home office networks to gain access to more than 10,000 internet-connected cameras near transit points such as ports, rail hubs, and border crossings, enabling surveillance of aid routes. In response, CISA (alongside other agencies) issued a joint cybersecurity advisory, urging logistics organizations to assume they are targeted, increase monitoring and threat hunting, and strengthen network defenses.
- In June 2023, the personal information of around 8,000 pilots who applied for jobs at American Airlines and Southwest Airlines was stolen from Pilot Credentials, a recruiting company used by the airlines. Both airlines moved applicant information to internal systems following the attack.
- KNP Logistics blamed a ransomware attack for the company entering administration, with 730 employees losing their jobs. The UK haulage firm was one of the largest independent operators in the country, but unfortunately, the ransomware attack caused them to struggle to find additional investment and funding.
- Expeditors International of Washington, Inc., shut down most of its operating and accounting systems in February 2022 in the wake of a successful cyber attack. Although they sought to protect data and infrastructure, they unfortunately limited their ability to ship freight, manage customs processing, and distribute customers’ products. The outage went on for three weeks and led to a class action lawsuit from customers such as iRobot and others.
These attacks may not have happened due to IoT devices, but that doesn’t excuse the need for transportation and logistics vendors to secure their connected infrastructure. As more vehicles come with internet-accessible onboard computers and autonomous vehicles move closer to a broad reality, securing the Internet of Things devices embedded in cars, trucks, trains, and more is incredibly important.
How Asimily Helps Defend Transportation & Logistics Companies
As transportation and logistics companies adopt more smart technologies and IoT devices, it becomes more and more vital to have solutions in place to defend these assets. Asimily’s IoT security platform is designed to assist with securing distributed IoT architectures. For example, being able to determine whether an IoT device is sending unencrypted traffic where it shouldn’t be can be a powerful way to defend. If cybersecurity teams notice that a water sensor is transmitting data somewhere it shouldn’t be, that’s vital information for tracking a potential breach.
Transportation & logistics companies can also use Asimily’s risk simulation to assess options for mitigating the risk from a given vulnerability. Simulating a fix before work starts can help you determine criticality and whether the weakness is even of interest to attackers. That’s critical information when you’re deciding how to improve your security posture.
Asimily customers can easily identify high-risk vulnerabilities with a proprietary, patented algorithm that cross-references data from resources like EPSS (Exploit Prediction Scoring System), Software Bills of Materials (SBOMs), Common Vulnerabilities and Exposures (CVE) lists, the MITRE ATT&CK Framework, and NIST Guidelines. It understands your unique environment, so our deep contextual recommendation engine can provide actionable remediation steps in real time.
Asimily customers are 10x more efficient because they use Asimily to pinpoint and prioritize the top 2% of problem devices that are High-Risk (High Likelihood of exploitation and High Impact if compromised). Unlike many offerings that don’t take into account the effort needed to handle identified issues, Asimily’s recommendations are as easy to perform as possible, such as shutting down an unnecessary service or applying network enforcement solutions.
To learn more about Asimily, download our IoT Device Security in 2024: The High Cost of Doing Nothing whitepaper or contact us today.