Ransomware doubles, hitting global supply chains and 283 firms, says Cyble’s 2025 Transport & Logistics Report.

The Transport & Logistics Threat Landscape Report 2025, published by Cyble, reveals a sharp escalation in cyber threats targeting the core pillars of global commerce. The findings document a record 283 ransomware attacks against transport and logistics organisations, surpassing the combined totals of 2023 and 2024. This surge is accompanied by massive data breaches, destructive hacktivist campaigns, and a burgeoning underground market for compromised network access.
The analysis underscores how cybercriminals exploit the sector’s minimal tolerance for downtime, reliance on operational technology, and interconnected supply chains to maximise financial gain. Daksh Nakra, Senior Manager of Research and Intelligence at Cyble, noted that ransomware campaigns in 2025 proved capable of crippling airlines, shipping firms, and ground logistics providers within hours by exploiting single vulnerabilities across multiple organisations.
The sector saw 283 confirmed ransomware victims in 2025. A small group of sophisticated Ransomware-as-a-Service (RaaS) operations accounted for 57 percent of all activity:
- CL0P: 68 attacks (24 percent), driven by large-scale exploitation campaigns.
- Qilin: 43 attacks (15 percent), maintaining sustained year-round pressure.
- Akira: 29 attacks (10 percent).
- Play: 20 attacks (7 percent).
Land transport bore the brunt of these hits, accounting for nearly three out of every four incidents. Logistics and freight services emerged as the most targeted sub-sectors, though airlines, maritime firms, rail operators, and public transit authorities also faced significant systemic risks.
The report identifies a fragmented yet highly active ecosystem for data theft. Key incidents include:
- A breach affecting 6 million Qantas customers, exposing names and frequent flyer details.
- An alleged logistics platform breach involving over 7 million user records sold on underground forums.
- Extensive leaks from courier and postal services across Europe and Asia.
Beyond data theft, a thriving market for compromised network access (VPNs and firewalls) provided initial footholds for espionage. Furthermore, cyber-enabled cargo theft emerged as a growing tactic, with attackers using remote management tools and GPS weaknesses to facilitate physical theft and operational sabotage.
The exploitation of zero-day vulnerabilities in perimeter devices remained a primary attack vector. Most identified flaws carried CVSS scores of 9.0 or higher and allowed unauthenticated remote code execution. Products from major vendors, including Microsoft, Cisco, Fortinet, Apple, Ivanti, and Citrix, were frequently targeted.
Simultaneously, geopolitical hacktivism reached a fever pitch. Over 40,000 data leak posts impacted 44,000 domains globally. A notable destructive attack against a major Russian airline resulted in grounded flights and massive infrastructure damage, highlighting the intersection of digital conflict and physical logistics.
Key Takeaways
- Ransomware doubled: Attacks rose by over 100 percent, driven by campaign-style exploitation.
- Digital-physical convergence: Cyber incidents now directly enable cargo theft and physical disruption.
- Critical vulnerabilities: High-severity zero-day exploits in enterprise tech are the leading entry points.
SOURCE – PR









