Microsoft: Transportation Now a Key Cybercrime Target

Over the course of 2025 so far, the supply chain sector has been hit hard by cyber attacks.
Cybercriminals no longer just target company firewalls. Instead, they exploit supply chains, abuse identity systems and rely on stolen data for profit.
Microsoft’s Digital Defense Report outlines the global threat landscape in which ransomware continues to cause disruption, allowing attackers to gain initial access to organisations – and inflict further damage on their supplier and consumer base.
The tech giant identifies a trend where malicious actors increasingly leverage third-party relationships to compromise downstream organisations.
In other words, one weak vendor or partner can expose an entire network of businesses. This is especially worrying in sectors like logistics and manufacturing, where tightly connected systems underpin physical movement and production.
Human-operated ransomware remains one of the top risks to business, with attackers directly infiltrating systems and demanding extortion payments.
That said, tactics are evolving. Microsoft notes that attackers are moving away from phishing and towards social engineering and identity-based compromise.
Amy Hogan-Burney, Corporate Vice President, Customer Security & Trust at Microsoft, explains that financial gain, not espionage, drives most attacks.
“In 80% of the cyber incidents Microsoft’s security teams investigated last year,” Amy says, “attackers sought to steal data – a trend driven more by financial gain than intelligence gathering.”
She adds that “over half of cyber attacks with known motives were driven by extortion or ransomware. That’s at least 52% of incidents fuelled by financial gain, while attacks focused solely on espionage made up just 4%.”
“Nation-state threats remain a serious and persistent threat, but most of the immediate attacks organisations face today come from opportunistic criminals looking to make a profit.”
Shipping attack case study
One striking case study in the report shows just how fast things can unravel. In February 2025, a ransomware attack targeted a global shipping company, which was able to contain it in just 14 minutes. Even so, Microsoft makes clear what the consequences could have been.
“Had the company’s systems been taken offline for even a few hours, the cascading effect would have impacted trade and industry around the world,” the report states.
This one incident demonstrates what Microsoft calls the “risk of our interconnected world”. Global trade now relies on digital systems at every link, from port logistics and shipping schedules to customs and inventory control.
“Supply chains, both physical and digital, increase our attack surface,” the report says.
Transportation is now one of the top 10 sectors impacted by ransomware, with 223 organisations listed. Other sectors tied to logistics, such as retail, wholesale and distribution, show even higher exposure, with 441 affected organisations. Microsoft links this to attackers deliberately targeting value chains.
“Sophisticated threat actors are also targeting supply chains and trusted third-party relationships,” it adds. “By compromising a less secure partner or vendor… attackers could potentially impact more hardened targets in multistage attacks.”
Probing logistics and manufacturing systems
While most attacks aim to extort money, Microsoft also flags sustained efforts by state-aligned groups. These actors look for long-term access to strategic infrastructure, often through digital backdoors. The shipping and logistics sectors attract particular attention.
“In the last year, three Iranian actors targeted shipping and logistics operations across Europe and the Persian Gulf,” the report reveals.
Their goal is to gain persistent access to systems and extract commercial or operational data. Microsoft notes that Iranian groups account for 6% of attacks on the transportation sector. Chinese actors also target transportation, albeit less frequently, at around 2%.
The report warns that attackers increasingly exploit cloud infrastructure, using it for command and control or to maintain access over time. This tactic appears across both criminal and state-linked groups.
Initial access through supply chain compromise now features in 2% of all breaches analysed. In 3% of incident response cases, Microsoft identifies the supply chain as the route of entry. While these percentages may seem small, they point to a rising trend – and one that exploits trust between partners.
Across all sectors, the most targeted remain government and IT. However, impacts stretch across manufacturing, transport and retail. Attackers often rely on web-facing assets and remote services to breach defences, then move laterally using third-party access.
Microsoft urges regulatory clarity
For Microsoft, defending against this level of threat requires more than patching software. It means rethinking security from the top down.
“In this environment, organisational leaders must treat cybersecurity as a core strategic priority – not just an IT issue – and build resilience into their technology and operations from the ground up,” Amy says.
She outlines the scale of threat Microsoft observes daily.
“Every day, Microsoft processes more than 100 trillion signals, blocks approximately 4.5 million new malware attempts, analyses 38 million identity risk detections and screens five billion emails for malware and phishing.”
Amy goes on to highlight how accessible tools and automation empower attackers: “Advances in automation and readily available off-the-shelf tools have enabled cybercriminals – even those with limited technical expertise – to expand their operations significantly.
“The use of AI has further added to this trend with cybercriminals accelerating malware development and creating more realistic synthetic content, enhancing the efficiency of activities such as phishing and ransomware attacks.
“As a result, opportunistic malicious actors now target everyone, big or small, making cybercrime a universal, ever-present threat that spills into our daily lives.”
To respond, Microsoft calls for stronger identity controls, proactive exposure management and improved supply chain transparency. This includes use of secure-by-design principles, software bills of materials (SBOMs) and consistent vulnerability disclosure practices.
Microsoft also urges regulatory harmonisation to prevent fragmentation. Disjointed compliance regimes, it argues, weaken collective defences and slow down coordinated responses to attacks.
Cyber threats now plague the supply chain, but Microsoft’s message is clear: resilience must be prioritised at every stage.



