News
AI-Powered Cybercriminals Target Transport and Logistics Supply Chains

A 2025 report from CSIRT NASK, Poland's national computer incident response team, shows that almost all reported incidents involved AI-assisted computer fraud. Industry outlet Trans.INFO details how deepfakes and AI-generated phishing are hitting poorly secured suppliers in the transport industry.
Contents
According to the latest government report on the state of cybersecurity in Poland for 2025, artificial intelligence has become the primary tool of criminals attacking companies and institutions in the country. CSIRT NASK, Poland's national computer incident response team, handled more than 253,000 reports over the period, with computer fraud accounting for as much as 97 percent of all cases processed. Industry outlet Trans.INFO notes that transport and logistics companies are increasingly falling victim, since their sprawling network of contractors and suppliers makes them especially vulnerable to supply chain attacks.
What the report reveals
The document cited by Trans.INFO describes artificial intelligence as, in the report's own words, a force multiplier for cybercriminals. Language models let attackers generate phishing messages free of the typical grammar mistakes and typos that used to give fakes away. Messages are also growing more personalized, since attackers can automatically gather and process information about a specific company and its employees.
The second pillar of the threats described is voice and video deepfakes. Synthetic recordings impersonating board members are used in the by-now classic CEO fraud scheme, where a finance department employee receives an urgent wire transfer order supposedly from a superior. The scale at which a convincing voice or likeness of a specific person can now be generated means traditional phishing-awareness training is losing some of its effectiveness.
Why transport is a target
The article points out that attackers increasingly avoid striking large, well-secured companies directly, instead seeking out weaker-protected contractors and IT service providers through which they can reach the real target. In the transport and logistics sector, built on a dense network of subcontractors, freight forwarders and software vendors, this attack model is especially effective. Also named are edge devices belonging to employees of firms serving critical infrastructure operators, as well as cloud service providers, which become targets because of the scale effect, since compromising a single cloud provider opens a path to many of its clients at once.
A separate category of growing risk is made up of small and medium-sized enterprises that act as subcontractors in transport supply chains but rarely have extensive security departments. According to the report's authors, these firms become the weakest link through which criminals enter the networks of larger business partners.
Messaging apps as a new gap
Trans.INFO also describes the tactic of moving business correspondence from company email to private messaging apps such as Signal or WhatsApp. After making initial contact by email, attackers persuade the victim to switch to a messaging app under the pretext of urgency or discretion. Once outside company email, standard spam filters and security team monitoring become harder to apply, which makes the later stages of the fraud easier.
a force multiplier - CSIRT NASK, government report on the state of cybersecurity of the Republic of Poland for 2025
What companies can do
The article lists five practical measures the transport industry can implement without major investment. The first is identity verification through a separate channel, for example confirming a wire transfer order by phone before it is executed. The second is a formal company policy on private messaging apps, clearly stating whether and in what situations they may be used for business correspondence.
The remaining recommendations are regular software and hardware updates, keeping an inventory of external devices and service access granted to subcontractors, and using the free Artemis infrastructure vulnerability scanner, available at moje.cert.pl. The tool lets companies check on their own whether their systems have known security flaws before someone else exploits them.
For Polish transport and logistics companies, this means that investing in basic digital hygiene, verification procedures and regular updates is no longer optional. The scale of AI-driven attack automation means a single employee mistake, such as clicking a link or executing a transfer without additional verification, can now cost far more than before, since attackers can put together a convincing fraud scenario faster and more cheaply than ever.


