10 recent cyber attacks on the transport & logistics sector

In this post we summarise recent cyber attacks on transport and logistics operators.

  • Oahu Transit Services (United States)
  • Baltic Flight Carriers (Baltic Sea, Black Sea, and eastern Mediterranean)
  • Radiant Logistics (United States)
  • Beirut-Rafic Al Hariri International Airport (Lebanon)
  • DP World (Australia)
  • Estes Express Lines (United States)
  • Elron (Estonia)
  • Auckland Transport (New Zealand)
  • Polish Railways (Poland)
  • Port of Nagoya (Japan)

Transport and logistics sector overview

The transport and logistics sector is responsible for the movement of people and goods. Our definition covers the public and private transport systems, infrastructure, and ancillary services associated with:

  • Aviation – airports and airlines
  • Maritime – ports and shipping
  • Rail – light rail, trams, and heavy rail
  • Road – roads including highways and freeways, trucking, and buses

Our definition of transport and logistics covers the transport and logistics elements of other sectors we monitor, including food and agriculture, and mining and metals.

Transport and logistics is a prime target for cyber attacks

Between 1 July 2023 and 30 July 2024, we identified 27 publicly reported cyber incidents affecting organisations in the transport and logistics sector. This placed the sector second only to manufacturing.

Some attacks resulted only in data loss. Ransomware victims who lost data included the Belt Railway Company of Chicago (therecord.media), Welsh haulage company Owens Group (ibtimes.co.uk), and Australian fuel distributor North Coast Petroleum (cyberdaily.au).

Theft of information can have several consequences.

  • Where personally identifiable information (PII) is breached, such as that of employees, the people it belongs to face an increased risk of fraud, identity theft, and other harms such as threats to personal safety.
  • Contracts and intellectual property, which can be commercially sensitive, could find their way into the hands of competitors.
  • Infrastructure asset information can expose sensitive details, such as confidential asset locations, makes and models of items, and condition, which in the hands of adversaries can make exploitation easier.

Transport and logistics cyber attacks that caused service interruption

Whilst many incidents resulted in the theft of information exclusively, there was no shortage of attacks that impacted service delivery.

Oahu Transit Services

Manages Honolulu’s bus and paratransit system

Date: June 2024
Country: United States
Consequences: Financial loss resulting from inability to charge users

A cyber attack caused an outage of TheBus and Handi-Van systems managed by the Honolulu Department of Transportation Services. The incident disrupted online services, including GPS services and Holo Card readers, leading to financial losses as riders were not charged. The FBI and other authorities were involved in the investigation. No ransom was paid, and the exact nature of the attack remained unclear.

Read more: kitv.com

Baltic Flight Carriers

Flight operators in the Baltic region

Date: Years long
Region: Baltic Sea, Black Sea, and eastern Mediterranean
Consequences: Use of alternative navigation methods, or flight suspension

Russia has been causing disruption to GPS systems affecting thousands of civilian flights in the Baltic region. The interference has prompted airlines such as Finnair to suspend flights, and impacted maritime signals used by boats. Estonia’s Foreign Minister has blamed Russia for the interference, which violates international agreements.

Read more: bbc.com

Radiant Logistics

International freight logistics and supply chain services technology

Date: March 2024
Country: United States; service disruptions in Canada
Consequences: Service disruption for Canadian customers

Radiant Logistics experienced a cyber attack on March 14, 2024, which led to the isolation of its Canadian operations. The incident caused service disruptions in Canada, but the company’s operations in other countries remained unaffected. Radiant Logistics activated incident response protocols and engaged cybersecurity professionals to mitigate the breach. The company reported no material impact on its financial condition or operational results.

Read more: thecyberexpress.com

Beirut-Rafic Al Hariri International Airport

Beirut’s international airport

Date: January 2024
Country: Lebanon
Consequences: Compromised flight information display screens

Flight information display screens at Beirut’s international airport were hacked, displaying politically motivated messages. The incident also briefly disrupted the baggage inspection system.

Read more: apnews.com

DP World

Major global ports operator

Date: November 2023
Country: Australia
Consequences: Three-day suspension of operations, leading to 30,000 container backlog

DP World Australia experienced a cyber attack in November 2023, leading to a three-day suspension of operations and the theft of employee personal data. The breach, detected on November 10, affected container terminals in Melbourne, Sydney, Brisbane, and Fremantle, disrupting freight movements. No customer data was compromised, and no ransomware was found. The company cleared a backlog of over 30,000 containers by November 20. According to multiple cybersecurity analysts, the port operator had not patched a critical vulnerability known as CitrixBleed at the time of the attack.

Read more: abc.net.au and theguardian.com

Estes Express Lines

Richmond-based less-than-truckload (LTL) carrier

Date: October 2023
Country: United States
Consequences: Temporary freight diversions to competitors

Estes Express Lines experienced a cyber attack in October 2023 that disrupted its email, phones, website, and other systems for weeks. The attack led to temporary freight diversions to competitors before Estes restored its systems and regained business.

Read more: truckingdive.com

Elron

Estonian national rail carrier

Date: September 2023
Country: Estonia
Consequences: Financial loss resulting from inability to charge users

A cyber attack disrupted Elron’s ticketing system in September 2023, affecting sales at train terminals, on trains, and online. Passengers were allowed to travel for free or pay with cash to the train attendant. The attack was linked to distributed denial of service (DDoS) attacks by supporters of Russia on the third-party ticketing system provider, Ridango.

Read more: err.ee

Auckland Transport

New Zealand transport service

Date: September 2023
Country: New Zealand
Consequences: Financial loss resulting from inability to charge users

Auckland Transport suffered two cyber attacks in the same month in 2023. The first, around 18 September, was the result of an attack by the Medusa ransomware gang. The incident disrupted ticketing systems, online top-ups, and customer service centres. No personal or financial data was believed to be compromised. Medusa demanded US$1 million to delete the data and threatened to publish it within seven days. On 29 September, Auckland Transport experienced a DDoS attack, resulting in intermittent issues accessing its website, AT Mobile App, AT Park, Journey Planner and public information displays. It is believed this was in retaliation for Auckland Transport not complying with the ransom demand.

Read more: cyberdaily.au and nzherald.co.nz

Polish Railways

Poland’s railways

Date: August 2023
Country: Poland
Consequences: Emergency stoppage of around 20 trains

Hackers broke into Poland’s railway radio frequencies and caused an emergency stoppage of about 20 trains near Szczecin. The saboteurs sent simple “radio-stop” commands via the radio frequency to the trains they targeted, triggering their emergency stop function. The attack, which included recordings of Russia’s national anthem and a speech by President Putin, disrupted traffic in the north-west of the country. Services were restored within hours.

Read more: bbc.com and wired.com

Port of Nagoya

Japan’s largest port by cargo throughput

Date: July 2023
Country: Japan
Consequences: Two-day suspension of operations

Nagoya port in Japan was non-operational for over two days due to a ransomware attack by LockBit 3.0, causing a failure in the Nagoya Port Unified Terminal System (NUTS). The attack disrupted the loading and unloading of containers, impacting Toyota Motor’s shipments of imported and exported parts.

Read more: bleepingcomputer.com and csoonline.com
