Physical Cargo Theft Gets a Boost From Cybercriminals

CYBER RISK ICS/OT SECURITY CYBERSECURITY OPERATIONS VULNERABILITIES & THREATS NEWS Physical Cargo Theft Gets a Boost From Cybercriminals Cargo theft is no longer about small groups of criminals operating on the ground, but transnational cybercriminal syndicates using access to supply chain systems to reroute goods. Robert Lemos,Contributing Writer May 4, 2026 5 Min Read SOURCE: SIWAKORN1933 VIA SHUTTERSTOCK Cyber operations have grown to become a major component of cargo theft over the past four years, with transnational cybercriminal groups increasingly using phishing, impersonation, and remote compromise to hijack goods during transport. The FBI has warned that cargo theft losses in the US and Canada jumped 60%, to an estimated $725 million in 2025, as criminals adopted a cyber-enabled playbook for compromising brokers, carriers, and shippers — using that access to conduct a variety of illegal schemes. Often threat actors will use impersonation to pose as a broker and phishing with links to malicious sites to steal credentials and install malware. In other cases, they will create fake online orders for shipping cargo, while fraudulently bidding on real loads, the FBI stated. Cyber-enabled cargo theft — often called strategic cargo theft, because the criminals operate more like businesses than smash-and-grab cargo thieves — leads to cargo shippers and transporters willingly giving their cargo to criminals, says Keith Lewis, vice president of operations at Verisk Cargonet, a transportation-industry threat-intelligence service. Related:Research Hub Bridges Cybersecurity Gap for Under-Resourced Organizations "The bad guys are good at a few different things: one is return on investment, two is they know our business better than we do, and three is the innovation," he says. "We can come up with four or five different stop-gaps for [the current schemes], and they'll come up with four or five different workarounds. There's just no silver bullet." The FBI's April 30 threat notice to the transportation industry highlights the changes in cargo-related crime. Enabled by technology and compromised logistics systems, cargo theft has moved beyond local criminal groups and become a favored strategy of transnational criminal groups, because they can conduct the fraud from overseas, including compromising remote monitoring and management (RMM) systems and spoofing global positioning systems to make missing cargo harder to locate.   With a compromised broker account, a cybercriminal has a variety of options for cargo theft. Source: FBI's I3C Overall, cybercriminals are constantly finding ways to exploit vulnerabilities in the information systems that manage the physical supply chain, David Glawe, president and CEO of the National Insurance Crime Bureau, said during his July 2025 testimony before the US Senate Committee on the Judiciary. "While most cargo thefts historically occurred at warehouses or distribution centers, strategic cargo thefts can happen at any vulnerable point in the supply chain," he said. "Criminals can operate under the guise of being a legitimate carrier in order to gain possession of cargo or steal another carrier's identity to bid on shipments they later divert away from their intended destination." Related:Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk Cargo Theft: No Longer Small Operations The key links in the transport supply chain are the fulfillment companies, the brokers, and the transporters. Fulfillment companies are the origin of the cargo — they are the ones who pack and prepare the goods, label and documenting as necessary, and hand off the cargo to the transporters, or carriers, move cargo and goods, delivering them to their destination, while tracking and reporting information about the goods and complying with regulations. Brokers are the intermediaries that match shippers with carriers, coordinating the logistics of pick up and scheduling. Cargo-theft-focused cybercriminals target all three links in the chain, NICB's Glawe stated. "These organized crime groups stay anonymous by remaining overseas, using legitimate brokers and transporters to move stolen goods to the groups’ desired destinations for export," he said. "Many of these schemes involve business email compromises, carried out through phishing attacks or the use of slightly altered email domains." About a quarter of all cargo theft incidents in the first quarter of 2026 fell into the cyber-enabled categories of fictitious pickup or fraud, according to Verisk CargoNet data. From creating synthetic identities for driver's licenses to acquiring motor-carrier businesses to gain access to their approved credentials, cybercriminal operations targeting cargo have taken off. Related:Claude Mythos Fears Startle Japan's Financial Services Sector In 2026, the amount of cargo theft appears to have subsided somewhat, but CargoNet's Lewis stressed that the reports likely underestimate the size of the losses, because — like other businesses — transportation companies do not like to talk about losses. "The difference between credit-card fraud and theft in our world is they have an exact number — they know they didn't get paid," he says. "There's no mandatory reporting for cargo theft. Now, an individual company may know their number, but that doesn't mean they have to report it to law enforcement or to us, to anyone." Logistics Defenders Need a 'Head on a Swivel' While many of the techniques for verifying transport and securing the supply chain are well known, the fast-paced nature of the logistics industry often leads to insufficient vetting of carriers and drivers, allowing impersonation to have an outsized impact, says CargoNet's Lewis. Most transportation companies are not taking the time to watch out for cyber threats, he says. "It's about paying attention to your surroundings — the old saying is keep your head on a swivel, watch your six, and trust no one, and we don't see that enough in our industry," he says. "We see that we're moving so fast that we don't have time to check those things." For enterprises worried about their supply chain, they should make sure to screen employees, train employees on cargo security, vet transportation partners, institute in-transit security controls, and protect their information technology systems, according to the National Insurance Crime Bureau. Criminals continue to improve their tactics and innovate in their efforts to circumvent cargo security measures, especially gravitating toward tactics that can be managed and accomplished while overseas, the NICB's Glawe said in his testimony to the US Senate. "As cargo theft tactics grow more sophisticated," he stated, "particularly with the rise of strategic and cyber-enabled schemes, industry professionals must commit to stronger carrier vetting, consistent driver identification checks, and the utilization of secure pickup protocols." About the Author Robert Lemos Contributing Writer Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports How Enterprises Are Developing Secure Applications How Enterprises Are Harnessing Emerging Technologies in Cybersecurity Ditch the Data Center: Understanding Flexible Cloud Infrastructure Security Management 2025 State of Malware Sysdig 2025 Cloud-Native Security and Usage Report Access More Research Webinars Anatomy of a Data Breach: What to Do if it Happens to You How Well Can You See What's in Your Cloud? Implementing CTEM: Beyond Vulnerability Management Defending Against AI-Powered Attacks: The Evolution of Adversarial Machine Learning Zero Trust Architecture for Cloud environments: Implementation Roadmap More Webinars You May Also Like CYBER RISK How Can CISOs Respond to Ransomware Getting More Violent? by James Doggett JAN 28, 2026 CYBER RISK US Cyber Pros Plead Guilty Over BlackCat Ransomware Activity by Alexander Culafi JAN 05, 2026 CYBER RISK Switching to Offense: US Makes Cyber Strategy Changes by Robert Lemos, Contributing Writer NOV 21, 2025 CYBER RISK Microsoft Exchange 'Under Imminent Threat,' Act Now by Arielle Waldman NOV 12, 2025 Editor's Choice CYBER RISK NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later byDark Reading Editorial Team APR 28, 2026 IDENTITY & ACCESS MANAGEMENT SECURITY Oracle Red Bull Racing Team Revs Up Automation to Boost Security byArielle Waldman APR 30, 2026 5 MIN READ Want more Dark Reading stories in your Google search results? Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE LOADING... Webinars Anatomy of a Data Breach: What to Do if it Happens to You JUNE 18TH, 2026 | 11:00AM -5:00PM ET | DOORS OPEN AT 10:30AM ET How Well Can You See What's in Your Cloud? THURS, JUNE 4, 2026 AT 1:00PM EST Implementing CTEM: Beyond Vulnerability Management THURS, MAY 21, 2026 AT 1PM EST Defending Against AI-Powered Attacks: The Evolution of Adversarial Machine Learning MON, MAY 11, 2026 AT 1:00PM ET Zero Trust Architecture for Cloud environments: Implementation Roadmap TUES, MAY 12, 2026 AT 1PM EST More Webinars BLACK HAT ASIA | MARINA BAY SANDS, SINGAPORE Experience cutting-edge cybersecurity insights in this four-day event. Use code DARKREADING for a Free Business Pass or $200 off a Briefings Pass. GET YOUR PASS