The Cybersecurity Threat To Railways

The European Union Agency for Cybersecurity (ENISA) has recently published its first cyber threat landscape report on the transport sector, covering the period from January 2021 to October 2022. Ransomware attacks have become an increasingly significant cyber threat facing the transport sector in the European Union, according to a new analysis published on March 21st.

The report identifies prime threats and examines cyber security breaches during this period. It also includes an assessment of threat actors, considers their motivation for launching cyber attacks and identifiers major trends by mode.

It warns that while the majority of ransomware attacks to-date have targeted information technology (IT) systems such as databases, ransomware groups “will likely target and disrupt” operational technology (OT) systems “in the foreseeable future,” potentially causing even more significant effects for victims.

Overall, ENISA says that ransomware is the main threat to the rail sector, accounting for 45% of cyber attacks.

  • Data-related threats accounted for 25%, as did denial of service (DoS), distributed denial of service (DDoS) and ransom denial of service (RDoS) attacks.
  • Hacks that exploited known IT vulnerabilities accounted for 15%, while fraud, impersonation and counterfeit, malware and supply chain attacks each accounted for 5%.

The majority of cyber attacks targeted railway IT systems, including those behind passenger operations ticket systems, mobile phone apps and passenger information systems, causing disruption by making these services unavailable. Examples included ransomware attacks targeting Swedish public transport authority Skånetrafiken in August 2021 and the Italian State Railways in March 2022 when customers were unable to purchase tickets due to infected IT systems.

Enisa says the only cases affecting operational technology (OT) systems involved entire networks, or where safety-critical IT systems were unavailable.

Notable data thefts included cases at Norfolk Southern (NS), shortline operator OmniTrax and the New York Metropolitan Transportation Authority (MTA) in the United States, as well as at passenger operators Merseyrail in Britain and Lokaltog in Denmark. Personnel and medical records were stolen, and Enisa says that OmniTrax is the first publicly-known case of a double-extortion ransomware attack against a US freight rail operator.

The report also highlights the extensive disruption to Danish State Railways (DSB) services in October 2022. DSB ICT service provider Supeo was itself the victim of a cyber attack, with the result that DSB drivers could not access a key safety-critical IT system, disrupting DSB operations for several hours.

ENISA noted a ransomware attack on the Belarusian state-run train company in January 2022 “in a bid to disrupt Russian troop movements” when the attackers “deployed modified ransomware to bring down the railway system and encrypted servers, databases and workstations belonging to the Belarusian railway service.” The report says that the increasing proportion of DDoS attacks in the rail sector is due to the increased hacktivist activity which followed the invasion of Ukraine, undertaken by pro-Russian or anti-Nato groups.

Pro-Russian hacker groups have claimed responsibility for attacks in 2022 on Romanian national operator CFR Calatori in April, on Lithuanian Railways and Latvian operator SJSC in June, and against Estonian Railways in August.

Considering the issue of cyber attacks exploiting known vulnerabilities to IT systems, ENISA says that two cases stand out.

  • In December 2021 Toronto public transport agency Metrolinx temporarily took down its website as a precautionary measure, after being informed by the Canadian government that it was vulnerable to cyber attack.
  • A system vulnerability potentially allowing access to customers’ personal data held by Swiss Federal Railways (SBB) was reported by an anonymous hacker in January 2022.

Breaking down the attacks by target, the report says that 21, or 72%, were aimed at infrastructure managers and operators, seven (3%) at transport authorities and other public bodies, and only one (3%) at an IT service provider.

“Transport is a key sector of our economy that we depend on in both our personal and professional lives,” says ENISA Executive Director, Juhan Lepassaar“Understanding the distribution of cyber threats, motivation, trends and patterns, as well as their potential impact, is crucial if we want to improve the cyber security of the critical infrastructure involved.” Lepassaar added.

ENISA:   ENISA:   ENISA:  Rail Journal:   The Record:       Railway-Cybersecurity:     Railpage

You Might Also Read: 

UK Rail Signals Can Be Hacked To Cause Crashes:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« The Inevitable Rise Of Artificial Intelligence
Imminent: Cybersecurity Regulations For US Financial Services »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CyberDefenses

CyberDefenses

CyberDefenses services combine best-in-class cybersecurity oversight, managed services and training to help our clients truly address their cybersecurity challenges.

Homeland Security Investigations (HSI)

Homeland Security Investigations (HSI)

Homeland Security Investigations (HSI) is a premier federal law enforcement agency within the Department of Homeland Security (DHS).

TraceSecurity

TraceSecurity

TraceSecurity, a leading pioneer in cloud-based security solutions, provides IT governance, risk and compliance (GRC) management solutions.

Maryman & Associates

Maryman & Associates

Maryman & Associates are specialists in computer forensic investigations, incident response and e-discovery services.

Thinklogical

Thinklogical

Thinklogical manufactures secure, KVM, video, audio, and computer peripheral signal switching solutions for defence C4ISR applications.

APERIO

APERIO

APERIO, the global leader in industrial data integrity, helps its customers drive profitability and sustainability while mitigating risk in their industrial operations.

CyberSecurityTrainingCourses.com

CyberSecurityTrainingCourses.com

Cyber Security Training Courses is a portal to help candidates find the best courses to progress their career within the IT security industry.

World Congress on Industrial Control Systems Security (WCICSS)

World Congress on Industrial Control Systems Security (WCICSS)

The World Congress on Industrial Control Systems Security (WCICSS) is focused on emerging trends in protection of industrial control systems.

ProCheckUp

ProCheckUp

ProCheckUp is a London-based independent provider of cyber security services, including IT Security, Assurance, Compliance and Incident Response.

Cyber Defense Technologies (CDT)

Cyber Defense Technologies (CDT)

Cyber Defense Technologies provides services and turn-key solutions to secure and maintain the integrity of your organization’s systems and data against attacks.

Retruster

Retruster

Protect your users against phishing emails, ransomware & fraud with the most advanced, user-friendly, non-intrusive solution available.

KingsGuard Solutions

KingsGuard Solutions

KingsGuard Solutions is a San Diego Cybersecurity company that specializes in complex and innovative security solutions for companies throughout Southern California.

Strata Information Group (SIG)

Strata Information Group (SIG)

Strata Information Group (SIG) is a trusted partner in IT solutions and consulting services.

Securin

Securin

Securin offers a comprehensive portfolio of solutions including Attack Surface Management, Vulnerability Intelligence, Penetration Testing, and Vulnerability Management.

Illustria

Illustria

Illustria is your agent-less “watchdog” for all open source libraries. Our mission is becoming a dev-velocity company, enabled via cyber security.

Afripol

Afripol

AFRIPOL was set up to strengthen cooperation between the police agencies of AU member states in the prevention and fight against organized transnational crime, terrorism, and cybercrime.