The Rise of Cyberattacks on the Transport Sector: What Are the Risks?


Transport becomes latest target

Transport is crucial to the flow of people, goods, and money. Given its central role in both domestic and international trade and finance, the transport sector is becoming one of the most attractive targets for cyber threat actors. In recent years, there has been a spike in cyberattacks against all areas of aviation, maritime, railway, and road transport, with ransomware, data theft, and distributed denial-of-service (DDoS) among the most commonly reported attacks.


The risks of cyberattacks on transport

Cyberattacks on the transport sector could paralyze entire systems and disrupt services, including booking and ticketing systems for airlines and railways, as well as order processing, shipment tracking, and freight handling systems for the shipping of goods. Moreover, these cyberattacks can pose a risk to sensitive data.


Sensitive data exposure

The IT systems of transport and logistics companies contain a range of sensitive information, from personal travel documents and travel history to shipping information and schedules. These data are attractive targets for data extortion groups and ransomware gangs, as they can be used as leverage for ransom demands or sold directly to third parties for a profit.

For example, in January of 2023, a threat actor hacked into the systems of China Airlines and exfiltrated the personal records of up to 3 million passengers, including the personally identifiable information (PII) of some major Taiwanese politicians and business leaders at big tech firms. Since the stolen data also contained travel documents of European passengers, the hacker encouraged victims to sue the company under the GDPR. It remains unclear whether the data were stolen directly from the airline’s systems or from a third-party provider.


Supply chain disruption

Modern transport is highly reliant on connected digital technologies. If the IT systems of an airport, railway station, or container port were to shut down, booking, scheduling, and operations could be severely impacted, disrupting supply chains across all sectors of the economy, including agriculture, mining, manufacturing, and consumer goods.

In a recent ransomware attack on Japan’s largest container port, the Port of Nagoya, all operations had to be completely halted for two days. This impacted not only shipping operations but also the handling of shipments to and from trailers. Given that the port accounts for 10% of Japanese trade and is responsible for exporting most of Toyota’s domestically manufactured vehicles, the attack was very costly not just to related entities but to the entire economy.


Latest attack trends on transport

Increasingly diversified attack vectors

Not only has there been an increase in cyberattacks against the transport sector, but the attack vectors have also become increasingly diversified and difficult to trace. Often, an intrusion originates from a third-party supply chain partner or software vendor, making it very difficult to identify an attack at its early stage.

In March of 2023, Ireland’s Dublin Airport suffered a data breach involving its employees’ personal information. This was later identified as a ransomware attack against its management consulting firm, which was breached due to the MOVEit vulnerability.


Politically motivated threat actors on the rise

Most cyberattacks are financially motivated and can be highly costly to the victim and the supply chain. However, there has also been an increase in activities by politically motivated and state-sponsored hacker groups. This surge in activities can be partially attributed to the ongoing war in Ukraine and the political tensions in the West Pacific.

Transport is no doubt one of the main targets of politically motivated threat groups. In late 2022, the websites of more than a dozen US airports were brought down by a massive DDoS attack, for which Russian-speaking hackers later claimed responsibility. Impacted airports included New York LaGuardia, Chicago O’Hare, and Atlanta Hartsfield-Jackson.


A security wake-up call

The recent surge in cyberattacks across the transport sector signals that organizations have been adopting new technologies without upgrading their security measures. This shows that even traditional sectors could rapidly become cyberattack targets when there is a change in the technology landscape. Organizations must realize that every upgrade in technology should be accompanied by a reassessment of cyber risks.
