In the past month, cyber attacks have targeted the information technology foundational to the transportation networks undergirding global supply chains. In the past year, in several geopolitical hot spots, physical manipulation and infiltration of transportation networks are on the rise to achieve military objectives. At the same time, ‘traditional’ supply chain attacks continue to increase, and impact transportation networks through opportunistic attacks.
Supply chains are caught in the crossfires of geopolitics, malicious attackers, and criminal networks, serving as the battleground both for exploitation and weaponization. Supply chain resilience strategies must evolve to internalize these new risks and modernize people, processes, and technologies to secure supply chains against these new forms of disruptions.
Digital Supply Chain Compromise Targeting Data
Supply chain attacks are an initial access technique, where the compromised entity differs from the actual target. For instance, over a decade ago, the Target breach involved credential theft of their HVAC supplier, which ultimately allowed the attackers access to release malware into their networks.
These indirect attacks are on the rise. Over a third of attacks in 2024 originated in a supply chain attack, and are expected to cause over $60B in damages globally this year. For the most part, these are largely viewed through the lens of digital attacks, and rarely explore the role of these attacks on transportation networks.
For instance, the Salesforce data breach is a recent example, whose impact largely focuses on the tech and retail giants impacted. However, Stellantis recently confirmed that they were also affected. Stellantis is the world’s fifth-largest automaker by volume but is not alone in transportation networks impacted by the Salesforce breach; Qantas and Air France-KML also were impacted, with customer data stolen. According to interos.ai analysis of tier 1-3 companies linked to Salesforce, over 3.5 million companies may be at risk of this breach. While transportation networks may not be the initial target, they are opportunistically breached as part of a broader campaign.
Digital Compromise with Physical Impact
In contrast, physical supply chain motivated-attacks on transportation networks are almost always targeted, as opposed to opportunistic, but still may involve third-party attacks. The recent European airport disruptions were caused by an attack on a software company that provided the automated check-in systems and hindered baggage systems. In this case, officials confirmed a ransomware attack, highlighting the financial motivations behind the rise in attacks on critical infrastructure.
The automotive world has also experienced a spike in cyber attacks. Described by Wired as “a supply chain disaster,” Jaguar/Land Rover (JLR) is weeks into recovering from a cyber attack that has cost millions of dollars, halting production, and potentially leading to layoffs. As Rachel Reeves, Britain’s chancellor of the Exchequer noted, “There is a wider issue here, of ensuring that foreign states, including Russia, cannot bring down production, or flights, or public services in Britain. It is a new and a growing threat.”
These examples demonstrate the exploitation and attacks targeting vulnerabilities in supply chains. Conversely, there is also the growing weaponization of supply chains that exploits transportation networks for offensive aims. A year ago, the Hezbollah pager attacks illustrated the infiltration of complex supply chains for lethal objectives. As Dmitri Alperovitch summarized, those attacks were, “the most extensive, publicly-known physical supply chain attack we’ve ever seen, may even see for a while.’
The Ukrainian Operation Spiderweb, while extremely distinct from the pager attacks, also demonstrates the weaponization of supply chains, especially transportation networks. This campaign created a front company, a fake logistics firm, rented office spaces and warehouses, leveraging supply chain transportation routes and trucks to trigger a widespread drone attack far inside Russian borders.
Prepping the Battlefield: Building Resilience into Transportation Networks
Just as supply chain attacks are on the rise across digital ecosystems, their digital and physical impact on transportation networks must garner more attention and, more importantly, new strategies. Strategic shifts to secure all aspects of people, processes, and technology are critical, especially for those in logistics and transportation networks.
How can organizations prepare for this threat landscape? Stellantis summarized key criteria in their statement, “Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers.” Illustrative of a multi-faceted response to the attacks, organizations must also simultaneously seek to improve detection and resilience against these kinds of attacks.
Mitigation is a multi-faceted process that crosses traditional corporate boundaries. Clearly, early detection and getting ahead of the threat is ideal, but in this rapidly changing landscape, mitigation strategies are essential. At interos.ai, we merge AI and domain expertise to support early detection, while working with partners for mitigation and actionability. Transportation networks are just the latest target-rich environment leveraged for both exploitation and weaponization. Supply chains continue to emerge as the new frontline in attacks, and resilience strategies must evolve accordingly.
Transportation networks are now a frontline for cyber and physical attacks. interos.ai can help you assess your risk exposure, strengthen resilience, and modernize your supply chain defense. Talk with one of our supply chain experts to see how.