Transport and logistics service providers are increasingly in the crosshairs of international cybercriminals. The attackers use digital entry points to manipulate real flows of goods, steal cargo, and cripple supply chains. At the beginning of November, the security company Proofpoint published findings that groups of perpetrators are increasingly using so-called "Remote Monitoring Tools" (i.e., remote maintenance programs) to infiltrate the systems of logistics companies. Classic cargo theft is thus shifting more and more into the digital world, with significant consequences for the transport sector.
From digital access to physical theft
As Proofpoint describes in the published analysis, criminals infiltrate corporate systems via compromised user accounts, forged freight offers, and manipulated emails. “The perpetrators fraudulently gain access in order to bid on real shipments and then steal them,” says the report. Proofpoint has observed a connected series of such attacks since mid-2025. By its own account, the IT security company has observed nearly two dozen attack campaigns targeting freight forwarders and freight brokers since August 2025.
The focus is on remote maintenance tools such as ScreenConnect, PDQ Connect, FleetDeck, SimpleHelp, N-able and LogMeIn Resolve. These programs are actually intended for maintaining computers remotely. According to Proofpoint, the attackers use this legitimate software to infiltrate networks without being detected. The malware disguises itself as a real, signed installation file – a trick that is particularly hard to detect. This enables the attackers to quietly take control of computers, networks and dispatch systems.
The Proofpoint report concentrates on North America, particularly the United States. The researchers observe attacks on freight forwarders, freight brokers and road transport companies, i.e., primarily truck-based goods transport. Container- or sea freight logistics were not the subject of the investigation. The described patterns nevertheless serve as indicators of globally similar approaches.
Proofpoint documents three main tactics. In some cases, the attackers used compromised accounts on digital freight exchanges; in others, they took over ongoing email conversations or sent broad phishing emails. The selection of victims is thus not targeted, but opportunistic – every company with digital connectivity can be affected.
Organized crime with a new tool
According to the report, the digital attacks have the same purpose as classical robberies: the theft of physical goods. Proofpoint cites estimates from the National Insurance Crime Bureau, according to which cargo thefts in the USA cause billions of dollars in damages annually. The $34 billion cited in the report relates to total damages in freight transport and should be understood as a rough guide, not as an exact metric.
According to Munich Re, reported cases of cargo theft worldwide rose by about 27 percent in 2024. For 2025, the company expects a further increase of 22 percent. The USA, Brazil, Mexico, India, Germany, Chile and South Africa are particularly affected. Among the most frequently stolen goods are food, beverages and electronics. Munich Re attributes the rise in part to unsecured parking areas, missing control systems in supply chains, and the misuse of digital platforms.
Proofpoint sees a link between the observed cyber campaigns and organized-crime structures. The perpetrators combine classic logistics know-how with IT competence – a dangerous mix in which online and offline crime are hardly distinguishable. As evidence, Proofpoint cites an example from a public Reddit forum: there, a freight forwarder reported that attackers had gained access to his system through a manipulated contract link, deleted bookings, and inserted their own vehicles into the dispatch schedule. The cargo subsequently disappeared.
Weaknesses along the supply chain
The Federal Office for Information Security (BSI) had already warned of security gaps in German transport chains in a 2023 industry study. Those most at risk are companies that are closely networked with external partners. The integration of software providers, maintenance firms and freight exchanges creates entry points when security measures are lacking. This assessment aligns with Proofpoint’s current observations: access via partner networks and external systems is also one of the most common entry points for cyberattacks. Access via partner networks is regarded as the most frequent entry point for attacks.
The BSI states in its study that insufficient control over remote access and service providers makes the entire supply chain vulnerable – exactly those weaknesses Proofpoint has now demonstrated in real-world attack campaigns.
According to a September 2025 survey by Sophos and the market research institute TechConsult, 78.8 percent of logistics professionals and executives surveyed in Germany stated that they had already been directly or indirectly affected by a cyberattack. Sophos reports that attacks often occur via external partners or employees. The survey shows that many companies recognize their dependence on digital processes and third-party providers as a risk, but have only partly put appropriate protective measures in place.
Similarly, a 2023 study published by the Bundesvereinigung Logistik (BVL) together with the consulting firm Secida concluded that small and medium-sized enterprises in particular are aware of the threat but often lack the budget or personnel for a systematic security management program.
Telematics systems: protection with a double-edged sword
Telematics systems in trucks and trailers provide a certain level of protection. They enable real-time location tracking, geofencing, and tamper alarms. However, according to the BSI and several European CERTs, they also carry their own risks: if systems are not updated regularly or are operated via insecure interfaces, they can themselves become an entry point. This is especially true for older fleets or systems with cloud connectivity, where updates must be installed manually.
Drivers play a crucial role. They must recognize alarms, respond, and follow security-relevant protocols. Without training and clear responsibilities, even the best telematics system remains ineffective. IT security does not end at headquarters – it also begins in the driver's cab.
Economic risks with real consequences
According to the Proofpoint report, the impacts can extend far beyond data loss even where the attacks are not aimed at the physical theft of goods. The security company warns of massive disruptions to supply chains if dispatch systems or communication channels fail. In some cases, attackers blocked dispatchers' telephone systems and email access in order to carry out fraudulent orders without hindrance.
Real cases from Europe illustrate how vulnerable even large logistics service providers are: Osnabrück-based Hellmann Worldwide Logistics reported a cyberattack on its data center on December 9, 2021. The company shut down parts of its IT systems for security reasons to prevent further spread. Hellmann confirmed that there may have been unauthorized access to data, and warned customers about possible fraudulent emails related to the incident. The attack led to temporary disruptions in operations, particularly in communications with customers and partners.
The German subsidiary of Swiss Post Cargo was also targeted by a cyberattack, in April 2025. According to Swiss Post, the goods logistics division in Germany could not access its IT systems for several days, or only had limited access. About 1,600 business customers were affected; media reports said that data from 2020 to 2025 could have been compromised. Swiss Post initiated internal investigations and, by its own account, is working closely with external IT security service providers and the authorities.
Other transport modes – different risks
Even more challenges arise in container and rail transport. In ocean freight, digital seals, IoT containers and automated gate systems protect against physical manipulation. The main risk here, however, lies in data integrity – for example through forged freight documents or compromised interfaces between shipping lines, terminals and freight forwarders.
In rail freight, cyberattacks threaten operational control more than the individual cargo. Old industry standards, complex networks and long update cycles make the infrastructure vulnerable. According to the BSI, the rail sector is among the most heavily regulated, but also among the most vulnerable areas of critical infrastructure. Accordingly, the point of attack shifts depending on the transport mode: in road transport it is the cargo, in container transport the data, in rail the system.
How companies can respond
For companies that want to protect themselves, Proofpoint recommends strictly regulating the use of remote maintenance software. Only programs explicitly approved by the IT department should be installed. In addition, networks should be configured to automatically detect suspicious connections to external RMM servers. The principle of least privilege can also prevent malware from gaining broad access.
Furthermore, the company points to the security framework of the National Motor Freight Traffic Association, which describes concrete measures against cargo crime. These include technical protective measures as well as employee training. Proofpoint explicitly advises against opening executable files from external emails and recommends regularly raising user awareness.
The BSI also emphasizes that prevention is more than a technical task. Cybersecurity must be understood as part of overall risk management – with clear responsibilities at the leadership level. Leaders should regard cyber risks as a fixed component of corporate risk management. Regular emergency drills, clear communication channels in case of an incident, and the assessment of the supply chain for security standards are central elements.
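One way to put Proofpoint's allowlist and detection recommendations into practice is to check DNS or proxy logs for remote maintenance traffic from hosts where the tool is not approved. The following is an added example, not code from Proofpoint or the article; the domain suffixes, host names, approval list and log lines are illustrative assumptions, and self-hosted RMM servers on other domains will not match.

```python
from collections import defaultdict

# Assumption: illustrative vendor domain suffixes for the tools named in the
# article; replace with the endpoints each vendor documents.
RMM_SUFFIXES = {
    "screenconnect.com": "ScreenConnect",
    "pdq.com": "PDQ Connect",
    "fleetdeck.io": "FleetDeck",
    "simple-help.com": "SimpleHelp",
    "n-able.com": "N-able",
    "logmein.com": "LogMeIn Resolve",
}
# Assumption: IT has approved ScreenConnect only, and only on this host.
APPROVED = {"ScreenConnect": {"it-admin-01"}}

# Constructed DNS log lines: "<timestamp> <host> <queried name>"
SAMPLE_LOG = """\
2025-11-03T08:12:01Z it-admin-01 instance-ab12cd.screenconnect.com
2025-11-03T08:14:40Z dispatch-07 relay.fleetdeck.io
2025-11-03T08:15:02Z dispatch-07 www.example.org
2025-11-03T08:20:19Z dispatch-03 instance-zz99.screenconnect.com
2025-11-03T08:21:55Z broker-02 notscreenconnect.com
2025-11-03T08:30:00Z malformed-line
"""

def match_tool(qname):
    """Return the RMM tool whose suffix matches qname on a label boundary."""
    name = qname.lower().rstrip(".")
    for suffix, tool in RMM_SUFFIXES.items():
        if name == suffix or name.endswith("." + suffix):
            return tool
    return None

def find_unapproved(log_text):
    """Map each host to the RMM tools it contacted without approval."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole run
        _, host, qname = parts
        tool = match_tool(qname)
        if tool and host not in APPROVED.get(tool, set()):
            findings[host].add(tool)
    return dict(findings)

if __name__ == "__main__":
    for host, tools in sorted(find_unapproved(SAMPLE_LOG).items()):
        print(f"ALERT {host}: unapproved RMM traffic to {', '.join(sorted(tools))}")
```

Matching on a label boundary keeps look-alike names such as `notscreenconnect.com` from being counted, and approval is tracked per host, so an approved tool on a dispatcher workstation still raises an alert.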
When IT security becomes a boardroom issue
For managers in road freight, the message is clear: Cybersecurity now determines the reliability of the entire supply chain. Digital attacks can stop real trucks and cause multimillion-dollar damages. The line between data crime and physical theft is blurring.
Proofpoint notes that “cyber-enabled cargo theft has become one of the most common forms of cargo theft” and that criminals are increasingly using legitimate remote maintenance software. Classic freight hijacking has gone digital – the risk remains the same. Those responsible in logistics must therefore protect not only cargo and drivers but also the systems