Physical Cargo Theft Gets a Boost From Cybercriminals TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Dark Reading Resource LibraryBlack Hat NewsOmdia CybersecurityAdvertiseNewsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsСloud SecurityHackers Use AI for Exploit Development, Attack AutomationHackers Use AI for Exploit Development, Attack AutomationbyAlexander CulafiMay 11, 20264 Min ReadСloud SecurityAfter Replacing TeamPCP Malware, 'PCPJack' Steals Cloud SecretsAfter Replacing TeamPCP Malware, 'PCPJack' Steals Cloud SecretsbyNate NelsonMay 7, 20265 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificLatin AmericaSee AllThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite Papers Partner PerspectivesDark Reading Resource LibraryCyber RiskICS/OT SecurityCybersecurity OperationsVulnerabilities & ThreatsNewsPhysical Cargo Theft Gets a Boost From CybercriminalsCargo theft is no longer about small groups of criminals operating on the ground, but transnational cybercriminal syndicates using access to supply chain systems to reroute goods.Robert Lemos,Contributing WriterMay 4, 20265 Min ReadSource: Siwakorn1933 via ShutterstockCyber operations have grown to become a major component of cargo theft over the past four years, with transnational cybercriminal groups increasingly using phishing, impersonation, and remote compromise to hijack goods during transport.The FBI has warned that cargo theft losses in the US and Canada jumped 60%, to an estimated $725 million in 2025, as criminals adopted a cyber-enabled playbook for compromising brokers, carriers, and shippers — using that access to conduct a variety of illegal schemes. Often threat actors will use impersonation to pose as a broker and phishing with links to malicious sites to steal credentials and install malware. In other cases, they will create fake online orders for shipping cargo, while fraudulently bidding on real loads, the FBI stated.Cyber-enabled cargo theft — often called strategic cargo theft, because the criminals operate more like businesses than smash-and-grab cargo thieves — leads to cargo shippers and transporters willingly giving their cargo to criminals, says Keith Lewis, vice president of operations at Verisk Cargonet, a transportation-industry threat-intelligence service.Related:Research Hub Bridges Cybersecurity Gap for Under-Resourced Organizations"The bad guys are good at a few different things: one is return on investment, two is they know our business better than we do, and three is the innovation," he says. "We can come up with four or five different stop-gaps for [the current schemes], and they'll come up with four or five different workarounds. There's just no silver bullet."The FBI's April 30 threat notice to the transportation industry highlights the changes in cargo-related crime. Enabled by technology and compromised logistics systems, cargo theft has moved beyond local criminal groups and become a favored strategy of transnational criminal groups, because they can conduct the fraud from overseas, including compromising remote monitoring and management (RMM) systems and spoofing global positioning systems to make missing cargo harder to locate. With a compromised broker account, a cybercriminal has a variety of options for cargo theft. Source: FBI's I3COverall, cybercriminals are constantly finding ways to exploit vulnerabilities in the information systems that manage the physical supply chain, David Glawe, president and CEO of the National Insurance Crime Bureau, said during his July 2025 testimony before the US Senate Committee on the Judiciary."While most cargo thefts historically occurred at warehouses or distribution centers, strategic cargo thefts can happen at any vulnerable point in the supply chain," he said. "Criminals can operate under the guise of being a legitimate carrier in order to gain possession of cargo or steal another carrier's identity to bid on shipments they later divert away from their intended destination."Related:Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise RiskCargo Theft: No Longer Small OperationsThe key links in the transport supply chain are the fulfillment companies, the brokers, and the transporters. Fulfillment companies are the origin of the cargo — they are the ones who pack and prepare the goods, label and documenting as necessary, and hand off the cargo to the transporters, or carriers, move cargo and goods, delivering them to their destination, while tracking and reporting information about the goods and complying with regulations. Brokers are the intermediaries that match shippers with carriers, coordinating the logistics of pick up and scheduling.Cargo-theft-focused cybercriminals target all three links in the chain, NICB's Glawe stated."These organized crime groups stay anonymous by remaining overseas, using legitimate brokers and transporters to move stolen goods to the groups’ desired destinations for export," he said. "Many of these schemes involve business email compromises, carried out through phishing attacks or the use of slightly altered email domains."About a quarter of all cargo theft incidents in the first quarter of 2026 fell into the cyber-enabled categories of fictitious pickup or fraud, according to Verisk CargoNet data. From creating synthetic identities for driver's licenses to acquiring motor-carrier businesses to gain access to their approved credentials, cybercriminal operations targeting cargo have taken off.Related:Claude Mythos Fears Startle Japan's Financial Services SectorIn 2026, the amount of cargo theft appears to have subsided somewhat, but CargoNet's Lewis stressed that the reports likely underestimate the size of the losses, because — like other businesses — transportation companies do not like to talk about losses."The difference between credit-card fraud and theft in our world is they have an exact number — they know they didn't get paid," he says. "There's no mandatory reporting for cargo theft. Now, an individual company may know their number, but that doesn't mean they have to report it to law enforcement or to us, to anyone."Logistics Defenders Need a 'Head on a Swivel'While many of the techniques for verifying transport and securing the supply chain are well known, the fast-paced nature of the logistics industry often leads to insufficient vetting of carriers and drivers, allowing impersonation to have an outsized impact, says CargoNet's Lewis.Most transportation companies are not taking the time to watch out for cyber threats, he says."It's about paying attention to your surroundings — the old saying is keep your head on a swivel, watch your six, and trust no one, and we don't see that enough in our industry," he says. "We see that we're moving so fast that we don't have time to check those things."For enterprises worried about their supply chain, they should make sure to screen employees, train employees on cargo security, vet transportation partners, institute in-transit security controls, and protect their information technology systems, according to the National Insurance Crime Bureau.Criminals continue to improve their tactics and innovate in their efforts to circumvent cargo security measures, especially gravitating toward tactics that can be managed and accomplished while overseas, the NICB's Glawe said in his testimony to the US Senate."As cargo theft tactics grow more sophisticated," he stated, "particularly with the rise of strategic and cyber-enabled schemes, industry professionals must commit to stronger carrier vetting, consistent driver identification checks, and the utilization of secure pickup protocols."About the AuthorRobert LemosContributing WriterVeteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.See more from Robert LemosWant more Dark Reading stories in your Google search results?Add Us NowMore InsightsIndustry ReportsHow Enterprises Are Developing Secure ApplicationsInside RSAC 2026: security leaders reveal the risks redefining your defense strategyHow Enterprises Are Harnessing Emerging Technologies in CybersecurityDitch the Data Center: Understanding Flexible Cloud Infrastructure Security Management2025 State of MalwareAccess More ResearchWebinarsThe New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspacePrompt Injection Is Just the Start: Securing LLMs in AI SystemsAnatomy of a Data Breach: What to Do if it Happens to YouHow Well Can You See What's in Your Cloud?Implementing CTEM: Beyond Vulnerability ManagementMore WebinarsEditor's ChoiceThreat IntelligenceFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberbyDark Reading Editorial TeamMay 6, 202631 Min ReadCyber RiskNSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years LaterNSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years LaterbyDark Reading Editorial TeamApr 28, 2026Want more Dark Reading stories in your Google search results?Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.SubscribeRSAC 2026: key news & insightsAt RSAC 2026, Dark Reading captured critical intelligence on AI, new attack methods, geopolitics, and much moreGet Your RecapWebinarsThe New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspaceWed, June 24,2026 at 1pm ESTPrompt Injection Is Just the Start: Securing LLMs in AI SystemsTues, May 26, 2026, at 1pm ESTAnatomy of a Data Breach: What to Do if it Happens to YouJune 18th, 2026 | 11:00am -5:00pm ET | Doors Open at 10:30am ETHow Well Can You See What's in Your Cloud?Thurs, June 4, 2026 at 1:00pm ESTImplementing CTEM: Beyond Vulnerability ManagementThurs, May 21, 2026 at 1pm ESTMore WebinarsBlack Hat USA | Mandalay Bay, Las VegasThe premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass.GET YOUR PASSDiscover MoreBlack HatOmdiaWorking With UsAbout UsAdvertiseReprintsJoin UsNewsletter Sign-UpFollow UsCopyright © 2026 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.Home|Cookie Policy|Privacy|Terms of UseYour Privacy Choices

Cybercriminal activity targeting physical cargo shipments has significantly increased over the past four years, driven largely by transnational cybercriminal syndicates. According to Robert Lemos’s reporting for Dark Reading, this shift, termed “strategic cargo theft,” represents a significant departure from traditional smash-and-grab operations. The core of this evolution lies in the utilization of cyberattacks – including phishing, impersonation, and remote compromise – to infiltrate logistics systems and manipulate the movement of goods. The FBI has reported a 60% surge in cargo theft losses in the US and Canada, reaching an estimated $725 million in 2025, directly attributable to this cyber-enabled approach.

Threat actors exploit vulnerabilities within supply chain systems, targeting brokers, carriers, and shippers to orchestrate fraudulent activities. Common tactics include posing as brokers to gain access to shipments, initiating fraudulent orders to secure cargo, and leveraging compromised RMM systems to mask the location of stolen goods. The sophistication of these attacks is further heightened by the use of techniques like synthetic identity creation for driver’s licenses and obtaining fraudulent motor carrier businesses to gain access to legitimate credentials. Cybercriminals consistently adapt to countermeasures, highlighting the dynamic nature of this threat landscape.

Keith Lewis, Vice President of Operations at Verisk Cargonet, emphasizes the strategic advantage that cybercriminals gain by operating remotely, circumventing traditional geographic limitations. The speed and efficiency of cyber operations, combined with the difficulty in tracing origins, create a compelling operational model for these groups. David Glawe, President and CEO of the National Insurance Crime Bureau, notes that cargo theft events are now occurring at any vulnerable point in the supply chain, from warehouses to distribution centers.

A quarter of cargo theft incidents in the first quarter of 2026 involved cyber-enabled tactics demonstrating the growing reliance on digital intrusion. The challenge lies in the reluctance of transport companies to report losses due to the lack of mandatory reporting requirements. There is a significant gap in awareness and response within the transportation industry, as highlighted by Lewis, who stresses the importance of “keeping your head on a swivel.”

To mitigate this rising threat, industry professionals must prioritize robust carrier vetting, consistent driver identification, secure pickup protocols, and the strengthening of information technology defenses. The constant innovation of criminal groups necessitates a proactive, rather than reactive, approach, demanding a heightened level of vigilance and investment in security measures throughout the complex logistics ecosystem.