Cybercriminals Hijack Freight: How Cybercrime Techniques Are Fueling Cargo Theft

The playbook that ransomware operators use to compromise networks and extract payments is being repurposed with devastating effectiveness against an unexpected target: the global supply chain. Entire truckloads of goods, from pharmaceuticals to consumer electronics, are being rerouted and disappearing into criminal networks, not through movie-style hijackings, but through carefully crafted cyberattacks that exploit the same techniques used in traditional cybercrime.

"In 2025, Verisk CargoNet reported approximately $725 million in cargo crime losses across North America," explained Ben Wilkens, director of cybersecurity at the National Motor Freight Traffic Association (NMFTA). "While this number is staggering in its own right, it only represents reported losses. Too often stolen freight goes unreported, especially when suffered by private companies on the smaller end of the size spectrum."

What makes this trend particularly concerning is the convergence of two previously separate threats: cargo theft and cybercrime. Industry estimates now indicate that the majority of cargo crime in the United States involves a cyber-enabled component, representing a paradigm shift for an industry traditionally focused on physical security measures.

A Familiar Kill Chain, A Novel Target

The attack methodology will be immediately recognizable to cybersecurity professionals who have dealt with credential theft and email compromise. The process begins with reconnaissance, where threat actors gather public information from sources like the United States Department of Transportation (USDOT) numbers, Federal Motor Carrier Safety Administration (FMCSA) registry information, motor carrier numbers, insurance details, and employee information.

From there, phishing emails target staff in dispatch, customer service, or accounting—anyone with access to sensitive information. Credentials are stolen, and email compromise follows. This is where the attack diverges from traditional cybercrime. Instead of deploying ransomware or pivoting to financial systems, attackers use compromised email accounts to monitor shipment notifications, load tenders, and bills of lading for shipments in transit.

"They then inject themselves into these communications from the trusted email account and make subtle changes," Wilkens noted. "A pallet count here, a destination there—sending falsified information to alter a planned route and redirect a legitimate load of freight to a different delivery location that they control."

Alternatively, attackers may register a new, fraudulent carrier with the FMCSA using stolen but valid identification details from a legitimate fleet. They then book real loads from legitimate load boards under that false identity. Professional truck drivers, completely unaware of the deception, pick up these loads believing they're hauling for legitimate companies.

Once delivered to criminal warehouses, the freight is immediately broken down into smaller shipments or cross-docked to another truck under falsified paperwork, effectively laundering the goods directly back into the supply chain. Many consumables are sold within hours and consumed within days due to shelf life limits, making recovery nearly impossible.

"By the time the legitimate shipper, broker, or motor carrier figures out what happened, their freight is gone, the fraudulent carrier has disappeared, and they're left holding the bag for what can amount to catastrophic financial liability," Wilkens emphasized. "A single tractor trailer loaded with pharmaceuticals can carry a price tag in the millions. A single load of pistachios? Hundreds of thousands of dollars. These are not losses that the average small to midsized fleet is equipped to handle."

Why the Transportation Industry is Vulnerable

The defensive playbook isn't unfamiliar to cybersecurity professionals. Phishing-resistant multi-factor authentication, out-of-band verification before critical changes to banking information or routing details, strong vendor management processes, and robust email security are all standard best practices. So why is this problem so widespread?

"The answer lies in the unique economics and structure of the transportation industry," Wilkens explained. "A trucking company with only a hundred or two trucks generates as much cyber risk as a much larger professional services firm, but they typically operate on very thin margins and with a fraction of the security budget found in many other industries."

Many fleets simply lack the headcount or resources to implement sophisticated cybersecurity programs. Operational efficiency often takes precedence over security, with integrations and vendor tools implemented without adequate security considerations. This creates gaps that threat actors have learned to exploit.

"The attackers have figured out that the transportation sector represents a soft target with high-value, low risk, perishable and easy to launder payouts," Wilkens added. "They've also discovered that the legal and regulatory consequences of stealing cargo are much less severe than attacking the financial sector or a hospital."

Industry Response and Resources

Recognizing the severity of the threat, the National Motor Freight Traffic Association (NMFTA) has developed several resources to help combat cyber-enabled cargo crime. Their Cybersecurity Cargo Reduction Framework specifically maps cybersecurity controls to cargo crime threat vectors across six categories: organized crime, insider threats and collusion, social engineering and deception, identity theft and fraud, and technical exploitation.

"The framework is free to download, as is our Road to Resilience series of guidebooks for fleets ranging from individual owner operators to midsized fleets," Wilkens noted. "These guides adapt traditional cybersecurity standards like NIST CSF, CIS Controls, etc. for an audience that lacks cybersecurity expertise and resources, providing clear, digestible guidance on how to secure a transportation operation."

NMFTA also manages the Freight Fraud Prevention Hub, a central resource where motor carriers, third-party logistics providers (3PLs), brokers, shippers, and professional truck drivers can find educational materials, resources, and guidebooks on preventing freight fraud and cyber-enabled cargo crime.

For cybersecurity professionals outside the transportation sector, Wilkens extends a special invitation: "A critical infrastructure vertical needs your skills. Join your peers from the transportation sector at the NMFTA 2026 Cybersecurity Conference, September 29-October 2 in Long Beach, CA. This is the only event in North America dedicated to cybersecurity in the transportation sector, with both executive and technical content, hands-on experience, and tabletop exercises on topics ranging from cyber-enabled cargo crime to heavy vehicle OT security."

The convergence of cybercrime and cargo theft represents one of the most significant emerging threats to global supply chains. As digital transformation continues to reshape the transportation industry, the security community must adapt its expertise to protect this critical infrastructure from increasingly sophisticated adversaries.

For more information on NMFTA's cybersecurity resources, visit their official website or download the Cybersecurity Cargo Reduction Framework. The NMFTA 2026 Cybersecurity Conference offers an opportunity for security professionals to engage with this unique challenge and help shape the future of transportation security.