February 2026

NMFTA Cyber Intelligence Newsletter

The National Motor Freight Traffic Association, Inc.® (NMFTA) has designed this monthly e-newsletter to arm you with intelligence, tools, and defense tactics. Each month we cover enterprise system and rolling asset security, trending reports, and more.

Email-1200x600 - CSC EB

Early bird registration is live for the NMFTA 2026 Cybersecurity Conference, and this is your chance to lock in $50 off before prices increase. Designed for today’s freight and transportation leaders, this conference takes place in Long Beach, CA from September 29-October 2 and delivers expert insights and practical strategies to help you stay ahead of evolving cyber risks. Early bird pricing will only be available for a limited time.

3PageSpread-2026 Cyber Report (1)

Explore How Modern Cyberattacks Unfold
in the 2026 Cybersecurity Trends Report

Today’s threat actors operate like full-scale enterprises. They recruit specialists, divide responsibilities, share resources, and collaborate across networks with the same efficiency as legitimate transportation operations.

The 2026 Transportation Industry Cybersecurity Trends Report explores how modern threat actors operate and what it takes to stay ahead of them.

Download the report and equip your team with the intelligence needed to move from reactive defense to proactive protection.

How Complexity Can Kill Security

Security complexity can create blind spots that put systems and data at risk, especially in transportation. Find out how too much complexity undermines effective security, and why simplifying your approach matters now more than ever.

Cyber-Lock-System-600x400-2
Cloud-Security-Resize-1

API Security Was a 2025 Problem—and It's Not Going Away in 2026

API security was a major challenge for the transportation industry in 2025, and it’s not going away anytime soon. Learn why the risk is carrying into 2026 and what freight stakeholders should be paying attention to now.

Your Monthly Webinar Delivered

Web-Featured-1920x1080 1

Evolving Threats in the Transportation Sector

February 19, 2026 | 1:00-2:00 pm ET

Join members of the NMFTA cybersecurity team, and industry professional Matt Brown, founder and principal consultant at Brown Fine Security, as they break down emerging cyberthreats and practical strategies to help organizations protect their operations in the transportation landscape.

This webinar will fill up fast, don't wait to secure your spot!

See What's on the Horizon for this Year's Conference

We Want You to Speak at #NMFTACyber 

The call for abstracts for the NMFTA 2026 Cybersecurity Conference will close this month, dedicated to exploring the crucial intersection of cybersecurity and the trucking industry. This is an excellent opportunity to share your insights, research, and innovations with a diverse audience keen on enhancing cybersecurity practices within the trucking industry.

Submissions must be received by the deadline: Saturday, February 28, 2026.

CSC-Call for abstracts-Email
CSC 2026-600x400

Sign Up for 2026 Conference Updates

Enter your email below to join the 2026 #NMFTACyber Conference mailing list to get early access to news on registration, speakers, sessions, cyber insights, and more.

What to Expect for the 2026 Cybersecurity Conference

In This Month's Report...

Table of Contents

Cyberthreat Analysis

 

Industry News

#NMFTACyber On Demand

Cyberthreat Analysis

.

Ransomware and Cyber Extortion in Q4 2025

In the final quarter of 2025 (Q4 2025), established groups like “Qilin” and “Akira” maintained their leadership positions, while newer operators like “Sinobi” gained traction.

In addition, the number of data-leak site posts increased by 50% between Q3 and Q4 2025, and was up 40% from Q4 2024, despite fewer active groups this quarter.

Reliaquest assessed with moderate confidence that this reflects short-term consolidation, where higher-output groups attacked more organizations as weaker operators lost momentum.

Regardless of which groups rise or fall quarter to quarter, the sustained increase in data-leak site posts emphasizes that ransomware remains a persistent, growing threat even as individual group names come and go.

The quarter was characterized by the following developments:

  • Sinobi’s rapid expansion: Listings attributed to Sinobi rose 306%, making it Q4's third-most active group. This increase likely reflects affiliate migration from declining operations like “Lynx” ransomware.
  • Clop’s operational resurgence: After minimal Q3 activity, “Clop” claimed 116 victims through mass exploitation of a widely used enterprise resource planning (ERP) solution software platform.
  • Sectoral variations: Traditional high-value sectors—professional, scientific, and technical services (PSTS), manufacturing, and health care—remained the most affected industries, while retail trade experienced a 152% spike, likely driven by opportunistic holiday-season targeting.

By analyzing the drivers behind these trends and their downstream impact across industries, this report provides organizations with actionable insights to stay ahead of both established and emerging ransomware threats.

Guidance from the Frontlines: Proactive Defense Against ShinyHunters-Branded Data Theft Targeting SaaS

Mandiant is tracking a significant expansion and escalation in the operations of threat clusters associated with ShinyHunters-branded extortion. As detailed in our companion report, 'Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft', these campaigns leverage evolved voice phishing (vishing) and victim-branded credential harvesting to successfully compromise single sign-on (SSO) credentials and enroll unauthorized devices into victim multi-factor authentication (MFA) solutions.

This activity is not the result of a security vulnerability in vendors' products or infrastructure. Instead, these intrusions rely on the effectiveness of social engineering to bypass identity controls and pivot into cloud-based software-as-a-service (SaaS) environments.

This post provides actionable hardening, logging, and detection recommendations to help organizations protect against these threats. Organizations responding to an active incident should focus on rapid containment steps, such as severing access to infrastructure environments, SaaS platforms, and the specific identity stores typically used for lateral movement and persistence. Long-term defense requires a transition toward phishing-resistant MFA, such as FIDO2 security keys or passkeys, which are more resistant to social engineering than push-based or SMS authentication.

Industry News

.

the-hacker-news

Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading

Cybercriminals are using LinkedIn messages to spread malware, targeting professionals where they least expect it. Read about the latest tactic and what to watch for.

3188439

PWN2OWN Automotive 2026 - Day Three Results and the Master of PWN

Security researchers made major breakthroughs at Pwn2Own Automotive 2026, exposing critical vulnerabilities in connected vehicle systems. Read about the day-three results and what they mean for the automotive and transportation cybersecurity industry.

cpr-hero-367x208-floater

6 Predictions for the AI Economy: 2026's New Rules of Cybersecurity 

The Cyber Security Report 2026 from Check Point highlights emerging threat trends, attack patterns, and key risks seen across industries over the past year. This research offers valuable insights into the evolving cyber landscape. Read about the threats shaping your security priorities in 2026.

Commercial Carrier Journal

Freight Fraud is Evolving and So is the Industry’s Response

It has been a busy start to the year at National Motor Freight Traffic Association (NMFTA), and later this month (effective February 26), we will launch our latest tool in the fight against freight fraud: Standard Carrier Alpha Code® (SCAC) Verified. Read more in this month's CCJ recurring article written by NMFTA's Joe Ohr.

hdt-logo-new

How Cybercrime Is Reshaping Cargo Theft and Fleet Risk in 2026

Artificial intelligence is changing how cybercriminals and cargo thieves target trucking fleets—and how fleets defend themselves. As phishing, impersonation, and cargo theft converge, cybersecurity is becoming a core part of fleet safety and operations. Read more in this month's Heavy Duty Trucking recurring article written by NMFTA's Ben Wilkens.

#NMFTACyber On Demand

.

The Freight Coach

Cybercrime in Trucking Is Evolving—What 2026 Means for All Parties!

As trucking becomes more digital, cybercriminals are getting smarter. In a recent episode, NMFTA's Artie Crawford and The Freight Coach Podcast's Chris Jolly breaks down the biggest 2026 trucking cyber trends, including freight fraud, AI-driven identity theft, TMS vulnerabilities, and load board scams. Listen now and learn how to strengthen your strategy.

2026 Cybersecurity Trends and Must Have Controls | NMFTA's Ben Wilkens

Don’t miss this discussion as NMFTA cybersecurity expert Ben Wilkens joins on-air personality Dave Nemo to talk essential cybersecurity best practices, including strengthening human-centered defenses, hardening identity and access controls, prioritizing zero-trust and network segmentation, securing remote management and connected tools, and automating detection and response.

Refer a Colleague

Would you like others at your company to be added to the NMFTA Headline Newsletter email distribution list? Send them this link or fill out the form for them on their behalf below!