Protect Transportation Organizations from Cyberattacks

Cyberattacks against transportation organizations are on the rise

Cyberattacks against transportation companies—including railways, airlines, shipping, and trucking—are surging. Ransomware can bring operations to a halt, disrupting the delivery of goods and services—and endangering the public. Cyber criminals target transportation systems because they are lucrative targets.

Ransomware attacks on airlines, railways systems, and trucking outfits are high-profile, putting pressure on the victims to pay the ransom—whatever the cost—to get operations up and running again.

average cost of a data breach in the transportation industry 2022
increase in ransomware activity every quarter in the US in 2022
sector in most increased threats in 2022

How Attackers Exploit Active Directory: Lessons Learned from High-Profile Breaches

AD is a common target in transportation attacks

According to Mandiant researchers, about 90% of the attacks they investigate involve Active Directory in one form or another. The Maersk attack was a prime example: The shipping giant’s operations were at a standstill for two weeks while teams rushed to recover Active Directory. Maersk estimated the fallout from the attack cost as much as $300 million.

Gain control of identity security

Semperis helps transportation organizations prevent, mitigate, and recover from identity-related cyberattacks.


checklist icon

Malicious actors often target Active Directory, a 20-plus-year-old technology that has security vulnerabilities because of misconfigurations that have accumulated over time and an increase in sophisticated attack tools that exploit those soft spots.
Semperis identifies gaps in Active Directory, including indicators of compromise (IOCs) and indicators of exposure (IOEs) resulting from human error or malicious actors.
After breaching a transportation company’s system, cybercriminals often lurk for weeks or months—often undetected by SIEMs—before unleashing malware exactly when it will cause the most damage.
Semperis detects in-progress attacks that bypass traditional log-based or agent-based solutions and autonomously rolls back malicious AD changes.
Cyberattacks can take down massive transportation systems in minutes. The NotPetya attack on Maersk started at an office in Odessa and spread through the company in a breathtakingly short time: 7 minutes, according to Maersk CISO Andrew Powell. When attacks are in progress, every minute counts in restoring business operations.
Semperis slashes the time to fully recover multiple Active Directory forests from days or weeks to minutes to hours, ensuring that airline, railway, shipping, and trucking operations are completely restored without risk of malware reinfection that could take down the business again.

Why AD systems in transportation are vulnerable

The effects of the 2017 NotPetya attack on Maersk, the world’s largest shipping company, are still reverberating. In spring 2021, a group with suspected ties to the Chinese government breached the New York Metropolitan Transportation Authority system—the third such attack in recent years. IT and security teams in transportation organizations face multiple challenges in securing their AD systems:

Vulnerability to supply-chain exploits
Deployment of digital & networked equipment
High risk to public safety and everyday life
Increased use of loT devices
Lax security policies
High-value targets

How Semperis helps transportation companies secure AD

Without the Active Directory (AD)-specific protection that Semperis provides, transportation companies—including shipping, airline, railway, and trucking companies—are vulnerable to cyberattacks.

Here’s how Semperis helped one of the largest transportation companies in the world recover from an AD cyberattack.

Shipping company reduces human error with the help of Semperis


Largest US trucking company needed to improve their business continuity strategy.


Administrators accidentally deleted revised objects in AD, resulting in multiple-day disruptions.


Company implemented a two-pronged approach to AD security and recovery with Semperis ADFR and DSP.

  • Minimized downtime and disruptions
  • Reduced attack surface
  • Automated fast, malware-free recovery

Prevent identity-related attacks

Simon Hodgkinson, former CISO of bp, discusses identity-first security for operational resilience.

Watch now

Leading transportation companies trust Semperis

Top transportation companies rely on Semperis to safeguard their most valuable assets, maintain compliance, and achieve operational efficiency in an ever-evolving digital landscape.





Our mission resonates with industry leaders
Gartner Peer Insights

An easy setup of the product true value for the money and a top solution.

Sub Director of IT Transportation Industry
El Al Israel Airlines

Semperis offers superior technology, and their Directory Services Protector is a tremendous asset for any company that uses Active Directory.

Learn more Chen Amran Deputy Director of Infrastructure & Communication, El Al Airlines
Gartner Peer Insights

If there’s one thing you need in the case of an Active Directory attack, out of any solution out there, it’s ADFR. With other backup solutions, there’s nothing that can guarantee you’re not reintroducing malware.

Senior Security Manager Global Consulting Firm