Protect Transportation Services from Cyberattacks

Cyberattacks against transportation companies are surging. The effects of the 2017 NotPetya attack on Maersk, the world’s largest shipping company, are still reverberating. In spring 2021, a group with suspected ties to the Chinese government breached the New York Metropolitan Transportation Authority system—the third such attack in recent years. Railway industry companies Stadler, Network Rail, and China Railways have all suffered major breaches that compromised customer and employee data.

Cyberattacks against transportation companies—including shipping companies, railways, bus systems, and airlines—are potentially catastrophic because of their propensity to disrupt the distribution of goods and services that can affect public safety. Cybercriminals target transportation systems because the effects are immediate and devastating—putting the threat actors in a prime position to demand high ransoms or disrupt everyday life.  

Some of the challenges that security and identity teams in the transportation industry face:  

  • Transportation systems are increasingly interconnected, opening opportunities for threat actors to exploit security along the supply chain. 
  • The skyrocketing use of IoT devices—many with no built-in security—has left systems vulnerable to attack because of lax security policies surrounding account creation and deletion. 
  • The rise of Intelligent Transportation Systems (ITS) promises to save “lives, time, money, and the environment,” according to a TrendMicro report, but also raises the likelihood of cyberattacks as threat actors search for high-impact targets. 


$200M – $300M 

Estimated revenue loss by Maersk, the world’s largest shipping company, following the NotPetya cyberattack



Russian Railways computers in 150 countries were infected within one day by the WannaCry ransomware



Records – including email addresses and personal contact information – were exposed online in the 2020 Network Rail/C3UK breach  


Active Directory is a prime entry point for cyberattacks on transportation

According to Mandiant, about 90% of the attacks they investigate involve Active Directory in one form or anotherThe Maersk attack was a prime example: The shipping giant’s operations were at a standstill for more than a week while teams rushed to recover Active Directory 

Defending Transportation Services Against Cyberattack

Semperis helps transportation companies prevent, mitigate, and recover from identity system-related breaches – before, during, and after an attack.


Malicious actors often target Active Directorya 20-plus-year-old technology that has inherent weaknesses because of misconfigurations over time and sophisticated attack tools that exploit those soft spots.  


Semperis uncovers security gaps in Active Directory, including Indicators of Compromise (IOCs) and Indicators of Exposure (IOEs) resulting from human error or malicious actors.


After breaching a transportation company’s system, cybercriminals often lurk for weeks or months—often undetected by SIEMs—before unleashing malware at the moment that it will cause the most damage. 


Semperis detects in-progress attacks that bypass traditional log-based or agent-based solutions and autonomously rolls back malicious AD changes.  


Cyberattacks can take down massive transportation systems in minutes. The NotPetya attack on Maersk started at an office in Odessa and spread through the company in a breathtakingly short amount of time: 7 minutes, according to Maersk CISO Andrew Powell. When attacks are in progress, every minute counts in restoring business operations. 


Semperis slashes the time to fully recover the Active Directory forest from days or weeks to minutes, ensuring that transportation operations are completely restored without risk of malware reinfection that could take down the business again.  

“The Semperis platform helped El Al reach a point where we are sure that we can overcome any Active Directory outage. Semperis offers superior technology, and their Directory Services Protection Platform is a tremendous asset for any company that uses Active Directory.”

Chen Amram
Deputy Director of Infrastructure & Communication | El Al Airlines

“Robust tool with great features! The process of acquiring the tool and working with the support team has been seamless. They have been very proactive and approachable during the whole process.” 

—Senior Engineer, Infrastructure & Operations, $3B+ Transportation Company 

 See the full review on Gartner Peer Insights

“Maersk’s network was crippled within a matter of minutes, with the malware damage complete within an hour. Maersk lost all of its online Active Directory (AD) domain controller servers, along with their backups. it’s imperative that you be ready for a catastrophic loss of AD. NotPetya proved it can happen. ”

Sean Deuby
Director of Services | Semperis

Learn more about how cybercriminals exploit transportation organizations’ identity systems

Learn More

El Al Airlines Flies High with Semperis Active Directory Forest Recovery

The Practical ROI of a Quick Active Directory Recovery

Unlock cyber resilience. Request a Demo