When you break down how transportation companies actually work, you can find yourself looking at nothing but supply chains. From moving people or goods from one place to another, keeping track of the vehicles that are transporting those people or goods, the third parties that are responsible for the maintenance and operations of those vehicles, along with a list of other business-critical functions, it’s easy to see how these companies would need to lean heavily on internet-connected technology in order to be successful.
However, since these companies are so reliant on the internet, they present a juicy target for the cybercrime underground. Transportation companies are constantly in the discussions on criminal forums, with nefarious actors attempting (and some succeeding) to attack companies’ infrastructure along their supply chains for their own illegal gains.
Below are just some of the examples Intel 471 has observed when it comes to criminals going after transportation companies.
Intel 471 has long tracked criminals who specialize in selling access to compromised systems or stolen information. Some of those we have tracked have used their ability to target transportation companies as a way to stand out in the cybercrime underground. Here are some of the instances we have observed:
Gift cards have long been a staple of the cybercrime underground, utilized by criminals as a way to move money. Whether it be physical cards or solely online credits, numerous transportation companies use gift cards as a way from customers to buy flights. There are actors that have leveraged that ability for their own crimes.
Ransomware is a top threat for all internet-connected businesses. The transportation sector is no different.
Intel 471 has observed numerous attacks on transportation-based organizations, including entities in both the public and private sector. These incidents have all the hallmarks of a ransomware-as-a-service attack, with crews “renting” software to launch the attack, hundreds of gigabytes in data stolen, and calls for million-dollar ransom payments.
Transportation companies are as dependent on technology as any other company. With that trend likely to keep growing, is it imperative that these companies understand where their weak spots are when it comes to cybersecurity and how the cybercrime underground will exploit them if those weaknesses are left unchecked. Keys to a successful business often rely on the internet, just as cybercriminals rely on it to carry out their crimes. By being proactive in assessing risk and closing vulnerabilities, transportation companies will prevent their technology stacks from being a target for the cybercrime underground.
European law enforcement officials say a secret U.S. FBI task force called Group 78 used covert tactics to disrupt the Black Basta ransomware group, but it has caused tension. Intel 471 analyzes the delicate dynamics.
Check fraud in the U.S. is booming. Fraudsters steal checks and sell them on underground channels where they are purchased, modified and deposited in hopes of a payment. Here's a briefing on this multi-layered crime.
In August 2025, two anonymous researchers released 9 GB of data from a workstation of a likely advanced persistent threat (APT) group. Here’s an analysis of the data by Intel 471’s Cyber Geopolitical Risk team.
Stay informed with our weekly executive update, sending you the latest news and timely data on the threats, risks, and regulations affecting your organization.