TRANSPORTATION CYBERSECURITY

ACID Technologies provides the transportation sector with 24/7/365 dark web monitoring services, while also monitoring multiple additional sources and platforms. When detecting a threat, ACID sends real-time, actionable alerts with all available information, to enable the targeted transportation system operator to effectively respond to the threat and mitigate its harmful impact on their operation, whether service disruption, ransom demand, data theft or other.

What justifies investing resources to protect the transportation sector from cyber threats?

Transportation is essentially the movement of people and goods from one place to another. As such, it is vital to a nation’s economy and to the economic welfare of its citizens, as well as to society as a whole, and to the quality of life of residents in all regions, nationwide.

What is the importance of transportation to the economy?

Transportation contributes to economic growth in a number of ways, including:

  • Transportation systems enable getting raw materials to manufacturing plants that produce goods for consumers. These are often located in the more remote areas, whether due to cost of land, tax rates or environmental considerations.
  • Efficient transportation systems minimize the cost and time of travel from one location to another, thus improving economic efficiency of resource use.
  • Transportation systems with a wide distribution enable getting goods to consumers even in remote regions.
  • Varied transportation modes enable choosing the best mode according to the need – whether less expensive transportation is preferred, which often translates into longer travel time, or vice versa.
  • Local and national transportation systems connecting to those of other countries are essential to trade and commerce. They enable competitive manufacturers to export their goods to foreign markets, increase their revenue, and consequently, also the taxes paid to the authorities for the benefit of all citizens.
  • The transportation industry employs a large workforce, in developed countries – between 5% and 12% of the total workforce. This amounts to hundreds of thousands to millions. For example, in the USA alone, some 16 million are employed in the transportation sector (BTS – the US government’s Bureau of Transportation Statistics), and in Germany alone – more than 2.2 million (Statista).
  • Transportation also facilitates the development of businesses that create additional jobs. Through job creation, this industry helps keep unemployment low.

How is transportation important to society?

The quality of transportation services has a major impact on the lives and quality of life of the population, in a number of aspects:

  • Efficient and moderately priced transportation services enable people to access healthcare services, benefit from more opportunities for quality education, and find employment in areas that are within reasonable travel distance.
  • As such, transportation services are particularly important for underprivileged persons, enabling them to benefit from education services and to earn a higher income than they would if valuable opportunities were inaccessible, thus promoting inclusion and cohesion.
  • Not needing to own a car when quality transportation services are available not only benefits people on a personal level by lowering expenses, it also eliminates or reduces traffic congestion and air pollution.

What does the transportation systems sector include?

The USA’s Cybersecurity and Infrastructure Security Agency (CISA) defines the transportation systems sector as consisting of seven key subsectors or modes, as detailed below, providing data relevant to the USA specifically. The data provided by CISA illustrates the enormity of the challenge of protecting this sector from cyberthreats.

  • Aviation includes aircraft, air traffic control systems, and about 19,700 airports, heliports, and landing strips. Approximately 500 provide commercial aviation services at civil and joint-use military airports, heliports, and sea plane bases. In addition, the aviation mode includes commercial and recreational aircraft (manned and unmanned) and a wide variety of support services, such as aircraft repair stations, fueling facilities, navigation aids, and flight schools.
  • Highway and Motor Carrier encompasses more than 4 million miles of roadway, more than 600,000 bridges, and more than 350 tunnels. Vehicles include trucks, including those carrying hazardous materials; other commercial vehicles, including commercial motorcoaches and school buses; vehicle and driver licensing systems; traffic management systems; and cyber systems used for operational management.
  • Maritime Transportation System consists of about 95,000 miles of coastline, 361 ports, more than 25,000 miles of waterways, and intermodal landside connections that allow the various modes of transportation to move people and goods to, from, and on the water.
  • Mass Transit and Passenger Rail includes terminals, operational systems, and supporting infrastructure for passenger services by transit buses, trolleybuses, monorail, heavy rail—also known as subways or metros—light rail, passenger rail, and vanpool/rideshare. Public transportation and passenger rail operations provided an estimated 10.8 billion passenger trips in 2014.   
  • Pipeline Systems consist of more than 2.5 million miles of pipelines spanning the country and carrying nearly all of the nation’s natural gas and about 65 percent of hazardous liquids, as well as various chemicals. Above-ground assets, such as compressor stations and pumping stations, are also included.
  • Freight Rail consists of seven major carriers, hundreds of smaller railroads, over 138,000 miles of active railroad, over 1.33 million freight cars, and approximately 20,000 locomotives. An estimated 12,000 trains operate daily. The Department of Defense has designated 30,000 miles of track and structure as critical to mobilization and resupply of U.S. forces.
  • Postal and Shipping moves about 720 million letters and packages each day and includes large integrated carriers, regional and local courier services, mail services, mail management firms, and chartered and delivery services.

What are the common cyber threats faced by the transportation industry?

Some of the most common modes of attack preferred by cybercriminals and cyberterrorists targeting the transportation industry include malware attacks, ransomware attacks, denial-of-service attacks and phishing attacks.

In September 2024, as reported by The Record, cybersecurity firm Proofpoint identified a new campaign directed at a number of shipping companies in North America, which it did not name. Proofpoint analysts concluded that the campaign was being waged after having tracked the activity since May. It seems that the perpetrators were financially motivated. The attackers used several different strains of malware. They gained access through the use of transportation and shipping companies’ compromised email accounts – at least 15 were found – and sent them malicious links with the intention of stealing information. According to Proofpoint, the types of malware used in this cyber attack campaign included Lumma Stealer, StealC, DanaBot and Arechclient2. Some attacks involved impersonation of legitimate software – AMB Logistic, Samsara and Astra TMS – which is used for transport and fleet operations management. According to experts, the involvement of this industry-specific software, and the languages used to bait the victims, seem to indicate that these and possibly other perpetrators research their targets’ operations in advance, and are also familiar with their typical business workflows.

What are some of the recent cyber attacks targeting the transport sector?

  • In January 2025, some 42,000 records were stolen from the United Nations’ International Civil Aviation Organization (ICAO), when its recruitment database was hacked. The attacker, which identified itself as Natohub, leaked the documents it claims to have stolen from ICAO on the hacking forum BreachForums.
  • In October 2024, several Belgian ports, among them Antwerp and Zeebrugge, were targeted in a DDoS attack by NoName057, a pro-Russian group. The attack was politically motivated, as evidenced by the announcement posted by the group: “The Belgian government will soon be examining a proposal to purchase and transfer three Caesar artillery units to Ukraine. We have decided to pay a visit to Russophobic Belgium to show them how initiatives in support of the criminal regime in Kyiv end.”
  • In September 2024, Germany’s state-owned Deutsche Flugsicherung (DFS), which handles the country’s air traffic control, sustained a cyberattack that disrupted its office communications.
  • Also in September 2024, the computer systems of Transport for London (TfL) were targeted in an ongoing cyber attack, mainly affecting the backroom systems at its corporate headquarters. TfL claimed that its services had not been impacted, and that it could not find evidence of data theft. Employees who were able to work from home were requested to do so.
  • In August 2024, the Port of Seattle was the victim of a ransomware attack perpetrated by the Rhysida group. After gaining access to the port’s computer systems, the group encrypted certain parts, causing service disruption. The attacked systems were responsible for ticketing, check-in kiosks, baggage handling, parking, Wi-Fi services, and more. The port refused to pay the ransom that the group had demanded.
  • Also in August 2024, and also in Seattle, Seattle-Tacoma International Airport sustained a cyber attack that shut down its internet and web systems. Passengers were therefore requested to complete as much of the preflight process as they could at home, before arriving at the airport.

ACID’s solution can significantly improve the cybersecurity profile of the transportation industry, and of transport companies operating the various systems.

ACID deploys clusters of robots, implements sophisticated algorithms, injects avatars and uses crawlers imitating regular user activity to perform continuous dark web monitoring in order to detect signs of impending attacks even while still in their planning stage, attacks that are in progress, and leaked data indicating that the organization’s systems have been breached.

Moreover, it uses not only client-specific keywords, but also allows choosing a language or several languages relevant to the client, thus achieving optimal monitoring results. The importance of the choice of language/s is evidenced by the information made available on the cyber attack campaign waged against shipping companies in North America in September 2024.

Once a threat is detected on the dark web or on any other of the multiple sources monitored, ACID sends real-time alerts to the targeted company, to enable it to implement countermeasures to diminish the impact of the attack, or perhaps foil it altogether.