top of page
Search

EMERGING THREAT REPORT: RISING ATTACKS ON THE TRANSPORTATION SECTOR, A GAP IN COUNTERTERRORISM EFFORTS COMPARED TO TOTAL THREAT/ATTACK NUMBERS, AND BOMBINGS/EXPLOSIONS ARE A PROMINENT THREAT WORLDWIDE

  • Senior Editor
  • 5 hours ago
  • 5 min read

(The DTAR Emerging Threat Report is to help Threat, Security, Intelligence, and Investigative Professionals [TSIIPs] with threat awareness and prevention.)1


Aldara Carballal Presas, Camilla Montemarano, Khushi Salian, Mekhala Jambholkar, Natalie Goldwasser, WATCH/GSOC Team

Jackie Heier, Meghan Terry, Editors; Jennifer Loy, Chief Editor

November 1-12, 2025I


ree

Emerging Threat #1: From November 1 to 12, 91 events affecting critical infrastructure were recorded. 24 of those events affected the transportation systems sector, covering 26 percent of the total number. Terrorists and hostile actors targeted this sector in eight attacks that disrupted operations. Hazards affected the transportation sector in 13 events, caused by various forces, including weather events, accidents like crashes or explosions, technical failures, and negligence. In transitional nations, such as Myanmar, Sudan, and Syria, four incidents demonstrated that weakened governance will very likely contribute to increased attacks on the transportation sector. These patterns likely indicate that transportation infrastructure is considered a critical point of attack, facing pressure from various threats, including terrorists, organized crime groups, and hazard-related disruptions. Perpetrators will almost certainly strategize to target transportation infrastructure to escalate disruptions as they continue to exploit the sector’s systemic fragility. Perpetrators will likely diversify their methods of attack to include coordinated cyber attacks or multi-site disruptions to cause maximum damage.


Threats/attacks events related to critical infrastructure → 42

  • Transportation Sector → 8

  • Educational Sector → 6

  • Informational Technology Sector → 4

  • Commercial Sector → 4

  • Energy Sector → 2

  • Defense Industrial Base Sector → 2

  • Law Enforcement Sector → 2

  • Food and Agricultural Sector → 2

  • Faith-Based Sector → 2


Conclusion: Attacks on transportation systems will very likely increase as they are easily accessible and attackers could likely exploit vulnerabilities, such as weather exposures, poor maintenance, or worn-out infrastructures. These pressures, such as frequent attacks and/or weather-related disruptions, will likely cause wider service disruptions and will almost certainly deepen the overall fragility of transportation infrastructures.


How can TSIIPs use this data?

This data can be used to increase resource allocation or guide security measures to prevent escalation of events. TSIIPs should map attack hotspots that cover terrorist activity zones, transitional nations, and hazard-prone zones, to heighten monitoring and provide emergency services. TSIIPs should utilize tools like PeekYou to identify persons of interest (POIs) linked to suspicious transport-related activity by analyzing patterns and connections. By using this intelligence, TSIIPs can prioritize vulnerable areas to forecast windows of opportunities to prepare for systemic weaknesses, especially those that terrorists can exploit.


ree

Emerging Threat #2:  From November 1 to 12, 94 counterterrorism efforts were recorded, excluding the transitional nations of Myanmar, Sudan, and Syria. These were predominantly towards individuals/groups with unknown political/religious affiliations, with 34 incidents, followed by Islamist groups such as ISIS, Boko Haram, and Al-Qaeda, with 21 incidents, and narcoterrorists with 11 incidents. These efforts were seen mainly in India (40), the USA (16), and Nigeria (10).  The rise of counterterrorism operations against threat actors with unknown ideologies will likely make it difficult for countries to categorize the severity of the threat they pose. Authorities will likely struggle to preemptively counter terrorist threats and attacks from actors with unknown ideologies, as it is unlikely that a specific pattern of attacks will emerge. Countries with decentralized intelligence networks will likely face difficulties during their counterterrorism operations. These decentralized networks will likely create gaps in situational awareness, very likely hindering the countries’ ability to promptly identify, analyze, and respond to threats posed by such groups.


Counterterrorism Efforts by Country                                                                        

  • India → 20

  • USA → 16

  • Nigeria → 10

  • Pakistan → 6

  • Democratic Republic of the Congo → 5

  • Mexico → 5

  • Australia → 4

  • Colombia → 4

  • Germany → 4

  • France → 2

  • Somalia → 2

  • Sweden → 2

  • England → 1

  • Indonesia → 1

  • Ireland → 1

  • Japan → 1

  • Lebanon → 1

  • Libya → 1

  • Malta → 1

  • Morocco → 1

  • Netherlands → 1

  • Open Water → 1

  • Saudi Arabia → 1

  • Spain → 1

  • Thailand → 1

  • Ukraine → 1


Perpetrators Targeted  in Counterterrorism Efforts

  • Unknown Affiliation → 34

  • Islamist (ISIS, Boko Haram, al-Qaeda, etc.) → 21

  • Narcoterrorists/Cartel Beliefs → 11

  • Extremist → 9

  • Separatists → 6

  • Militarists (general) → 5

  • Organized Crime Beliefs → 3

  • Far/Alt-Right (Fascism, Neo-Nazi, etc.) → 2

  • Far/Alt-Left (Communist, Maoist, etc.) →1

  • Incel → 1


Conclusion: The increase in counterterrorism efforts towards individuals/groups with unknown political/religious affiliations indicates that states face growing difficulty prioritizing and directing security intelligence resources effectively, as there is a rising number of perpetrators without a clear ideology or without claiming responsibility. This trend will very likely complicate attribution and make it harder for governments to anticipate escalation patterns.


How can TSIIPs use this data?

TSIIPs should utilize this threat intelligence to monitor the rise of perpetrators with non-traditional ideologies to identify the locations they target the most. TSIIPs should study this data to try and trace a pattern in the rise of these attacks. TSIIPs should try to identify the gap in counterterrorism efforts and address the underlying issues present in the countries where their CT efforts are lower due to decentralized intelligence networks. TSIIPs should utilize tools like ACLED to geolocate and monitor activities that relate to individuals/groups with unknown affiliation. By using this intelligence, TSIIPs can support countries struggling with their CT efforts by building a database on these threat actors to deter and counter them.



ree

Emerging Threat #3: From November 1 to November 12, there were 211 threats to human rights and/or attacks, excluding the transitional nations of Myanmar, Sudan, and Syria. Perpetrators carried these out in countries not experiencing active conflict, including the USA, and in areas with active conflict, including Ukraine. Perpetrators will very likely innovate their attacks to include emerging technologies like cyber capabilities while continuing to carry out traditional attacks, such as bombings and armed assaults, at similar rates. Perpetrators will likely continue diversifying their types of attacks, including technology misuse to create deepfakes, kidnappings, bombings, and assassinations, as they attempt to use any available resource to carry out their attacks. Perpetrators will likely carry out threats and attacks against human rights to create long-term fear among the population, threatening basic human needs. This long-term fear will likely destabilize the region, likely allowing threat actors to gain control over the area.


Total Attacks/Threats → 211

  • Bombings/Explosions → 39

  • Human Rights → 39

  • Armed Assaults → 32

  • Cyber Attacks/Misuse of Technology → 31


Conclusion: 

The similar frequency between bombings, human rights-related incidents, armed assaults, and cyber or technology threats almost certainly shows that perpetrators across ideologies and regions are shifting toward a diversified type of attacks, complicating the detection and attribution of attacks. Security institutions will very likely struggle to make an effective response, as they must counter both physical attacks and cyber-related incidents at the same time.


How can TSIIPs use this data?

TSIIPs should utilize this threat intelligence when deciding on the allocation of counterterrorism resources and financing. TSIIPs should continue to create counterterrorism strategies against human-rights violations and bomb threats/attacks at the same rates as counterterrorism efforts against cyberattacks. TSIIPs should utilize tools like Social Searcher to find mentions of human rights violations reported by civilians across social networks. By using this intelligence, TSIIPs can create counterterrorism strategies from a diversification perspective to target developing threats and attack methods.

  1. All data comes from The Counterterrorism Group (CTG)'s The Daily Threat Activity Reports from November 1-12, 2025.

 
 

Reports

Careers

Privacy Policy 

Services

Terms & Conditions 

  • Linkedin
  • Instagram
  • Twitter
  • Facebook

Interested in joining us? Learn more

 

© The Counterterrorism Group (CTG) - 2025 - This website and all of its contents are copyrighted by The Counterterrorism Group, Inc. 2025. Any use, reproduction or duplication of the contents of this website without the express written permission of The Counterterrorism Group (CTG) is strictly prohibited.

​

bottom of page