Cybercriminals Stealing Truckloads: How Ransomware Tactics are Exploited in the Logistics Industry
Cybercriminals are adapting ransomware tactics to steal entire truckloads of goods, rerouting them into the black market. This emerging threat is costing the transportation industry hundreds of millions annually, demanding a shift in security paradigms.

*Written by Ben Wilkens, director of cybersecurity, **NMFTA***
Those working in cybersecurity are well aware of the ransomware playbook: stolen credentials, established persistence, network recon, pivoting to a high-value target, cash out. These techniques are well documented in attack frameworks and kill chains. However, that same playbook is now being used to steal freight.
Entire truckloads of goods are being re-routed, disappearing from the legitimate logistics ecosystem and reappearing on the black market. Bottled water, eggs, crab legs, energy drinks, **Legos**, sneakers, pharmaceuticals, pistachios: it's all being stolen by organized criminals using the ransomware playbook and applying it to the transportation industry for different purposes.
In 2025, **Verisk CargoNet** reported approximately $725 million in cargo crime losses across North America. The **FBI** Internet Crime Complaint Center (**IC3**) reported roughly $21 billion in cybercrime losses for the same period. These numbers only represent reported losses.
Too often, stolen freight and cyberattacks both go unreported, especially when suffered by smaller private companies. These two numbers are increasingly part of the same conversation.
The cargo losses we are seeing in the transportation sector are not the result of movie-style hijackings. They follow from a successful phishing email that leads to a fraudulent pickup of a load of pharmaceuticals by a truck destined for a criminal warehouse. Industry estimates indicate that the majority of cargo crime in the United States now involves a cyber-enabled component.
This issue is forcing a paradigm shift, as these threat actors are sophisticated, and many are international organized crime groups operating from outside the United States.
Their techniques are immediately recognizable to anyone who has been involved in incident response related to traditional cybercrime.
## A Familiar Kill Chain
A typical cyber-enabled cargo crime starts with reconnaissance. Public sources such as United States Department of Transportation (**USDOT**) numbers, Federal Motor Carrier Safety Administration (**FMCSA**) registry information, motor carrier (**MC**) numbers, insurance details, and employee information are all researched.
Phishing emails are sent to staff in dispatch, customer service, or accounting: those with access to sensitive information. Credentials are stolen, and email compromise results.
This is where the two playbooks diverge. Instead of using the compromised credentials to pivot into a corporate system and drop a ransomware payload, the attacker uses a compromised email account to monitor shipment notifications, new load tenders, and bills of lading for shipments underway.
They will then inject themselves into these communications, from this trusted email account, and make subtle changes: a pallet count here, a destination there. They send falsified information to alter a planned route and redirect a legitimate load of freight to a different delivery location, one they control.
Alternatively, they may register a new, fraudulent carrier with the **FMCSA** using stolen but valid identification details from a legitimate fleet. The attacker then books real loads from real load boards under that false identity. These loads are often picked up by professional truck drivers who have no idea that they are being used as pawns in this crime; they think they are hauling freight for legitimate companies.
Once the load is delivered to the criminal warehouse, it is immediately broken down into other shipments or cross-docked to another truck under more falsified paperwork and laundered directly back into the supply chain. Many of the consumables stolen this way will be sold within hours and consumed within days due to shelf life limits, making the process of investigating these crimes and recovering freight an uphill battle at best.
By the time that the legitimate shipper, broker, or motor carrier figures out what happened, their freight is gone, the fraudulent carrier has disappeared, and they are left holding the bag for what can amount to catastrophic financial liability. A single tractor trailer loaded with pharmaceuticals can carry a price tag in the millions. A single load of pistachios? Hundreds of thousands of dollars. These are not losses that the average small to midsized fleet is equipped to handle.
## An Industry-Wide Problem
The defensive playbook here is not unfamiliar to most cybersecurity professionals: phishing-resistant multi-factor authentication, out-of-band verification before any critical changes to banking information, routing details or shipping documents, strong vendor management processes, email security. None of this is novel. Why then is this problem so widespread? Unfortunately, these types of controls are underdeployed in the transportation industry, particularly among the small and midsized fleets that move a massive percentage of the freight in this country.
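As an added illustration (not from NMFTA or its framework), the out-of-band verification control listed above can be expressed as a gate on emailed change requests: any change to a critical field is held until someone calls the number already on file. The field names, records and addresses below are constructed assumptions.

```python
from dataclasses import dataclass

# Fields the article names as tampering targets (names are assumptions).
CRITICAL_FIELDS = ("destination", "pallet_count", "carrier_mc", "bank_account")

@dataclass
class Decision:
    changed: dict          # field -> (value on record, requested value)
    hold: bool             # True: do not apply until verified by phone
    callback_number: str   # number to call, always from the record on file
    reasons: list

def review_amendment(tender, amendment, contacts_on_file):
    """Compare an emailed amendment against the tender of record."""
    changed = {
        f: (tender.get(f), amendment["fields"][f])
        for f in CRITICAL_FIELDS
        if f in amendment["fields"] and amendment["fields"][f] != tender.get(f)
    }
    on_file = contacts_on_file[tender["shipper_id"]]
    reasons = [f"critical field changed: {f}" for f in changed]
    # A known sender is not proof: in the scenario above the mailbox itself is
    # compromised, so the sender address never lifts the hold.
    if amendment["sender"].lower() != on_file["email"].lower():
        reasons.append("sender differs from contact on file")
    # A phone number supplied in the message is attacker-controllable.
    offered = amendment.get("contact_phone")
    if offered and offered != on_file["phone"]:
        reasons.append("message supplies a new callback number")
    return Decision(changed, bool(changed), on_file["phone"], reasons)

def apply_if_verified(tender, decision, verified_via_callback):
    """Apply changes only after a logged call to the number on file."""
    if decision.hold and not verified_via_callback:
        return tender                      # unchanged, still on hold
    return {**tender, **{f: new for f, (_, new) in decision.changed.items()}}

# Constructed sample data (not from the article).
TENDER = {"load_id": "L-1001", "shipper_id": "SHP-7",
          "destination": "Dock 4, 100 Example Way, Reno NV",
          "pallet_count": 22, "carrier_mc": "MC-000000"}
CONTACTS = {"SHP-7": {"email": "dispatch@shipper.example", "phone": "+1-555-0100"}}
AMENDMENT = {"sender": "dispatch@shipper.example",      # trusted, but compromised
             "contact_phone": "+1-555-0199",
             "fields": {"destination": "Unit 9, 5 Sample Rd, Sparks NV",
                        "pallet_count": 22}}

if __name__ == "__main__":
    d = review_amendment(TENDER, AMENDMENT, CONTACTS)
    print(d)
    print(apply_if_verified(TENDER, d, verified_via_callback=False)["destination"])
```

The hold is triggered by what changes, not by who appears to have sent it, which is the property that matters when the sending account is the one that was phished.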
A trucking company with only a hundred or two trucks generates as much cyber risk as a much larger professional services firm, but they typically operate on very thin margins and a fraction of the security budget that is found in many other industries. Many of these fleets simply don't have the headcount or the budget to roll out a sophisticated cybersecurity program. Integrations are put in place for speed and efficiency, and vendors offer new tools that promise operational gains but, when not implemented in a secure environment, leave gaps that the threat actors exploit.
This is why these numbers are where they are today. The attackers have figured out that the transportation sector represents a soft target with high-value, low-risk, perishable, and easy-to-launder payouts. They have figured out that the legal and regulatory consequences of stealing cargo are much less severe than attacking the financial sector or a hospital.
They have figured out that many fleets don't report attacks because the reputational damage of being known as "one of those fleets that lost freight" feels like more of an impact than absorbing significant losses in silence.
The result? The same schemes work week after week against fleet after fleet.
## Where the Industry is Making Gains
Last year, the **National Motor Freight Traffic Association (NMFTA)** published a [Cybersecurity Cargo Crime Reduction Framework](https://bit.ly/4u9XhG5) that specifically mapped cybersecurity controls to the cargo crime threat vectors that they can address.
This guidebook is built around six categories that will be familiar to any threat analyst: organized crime, insider threats and collusion, social engineering and deception, identity theft and fraud, and technical exploitation. The framework is free to download. So is **NMFTA's** [Road to Resilience series of guidebooks](https://bit.ly/42yUrhS) for fleets ranging from individual owner operators to midsized fleets.
These guides adapt traditional cybersecurity standards like **NIST CSF**, **CIS Controls**, etc. for an audience that lacks cybersecurity expertise and resources, providing clear, digestible guidance on how to secure a transportation operation.
**NMFTA** also oversees and manages the [Freight Fraud Prevention Hub](https://bit.ly/4dpfKHw), a central resource where motor carriers, third-party logistics providers (3PLs), brokers, shippers, and professional truck drivers can find educational materials, resources, and guidebooks on how to prevent freight fraud and cyber-enabled cargo crime.
For security practitioners who operate outside of the transportation sector, there is an invitation worth considering. A critical infrastructure vertical needs your skills. Join your peers from the transportation sector at the [**NMFTA** 2026 Cybersecurity Conference](https://bit.ly/3OZeeny), September 29-October 2 in Long Beach, CA. This is the only event in North America dedicated to cybersecurity in the transportation sector. With both executive and technical content, hands-on experience, tabletop exercises, and topics ranging from cyber-enabled cargo crime to heavy vehicle OT security, there is no other conference like this.
**If you are looking for a place to put on your cybersecurity super-hero cape and take up a worthy cause, fighting cyber-enabled cargo crime in the transportation sector may just be where you belong!**
### [Learn more at nmftacyber.com](https://bit.ly/3OZeeny).
*Sponsored and written by **NMFTA**.*