Why even more dangerous attacks threaten after the cyber attack on SBB

Ransomware gangs pose the biggest threat to transport companies, according to a European cybersecurity report. And the experts warn of devastating attacks on so-called OT systems.

Daniel Schurter

A recent report from the European Union Agency for Cybersecurity (ENISA) gives pause for thought and should also worry those responsible at SBB.

According to the 50-page analysis published on Tuesday, ransomware attacks are the biggest cyber threat to the transport sector in Europe. But it’s not just about the known extortion attempts so far.

While most ransomware attacks to date have targeted IT systems such as databases, the European Cybersecurity Authority warns that criminal hacker gangs are likely to target and disrupt OT systems in the near future, which can have serious consequences for society as a whole.

Why is there a new danger for transport companies?

OT stands for Operational Technology. This refers to systems that typically monitor or control mechanical processes. This makes them particularly important for the security of airports, ports, railways and other aspects of the transport sector, according to a report by the English-language online medium The Record.

The EU agency ENISA says it has not received “reliable information” about a specific cyber attack that could endanger road safety. In its analysis, however, it gives several reasons why the danger of devastating cyberattacks has increased:

  • The ongoing digital transformation and the merging of originally separate IT and OT networks make the systems vulnerable.
  • In the ransomware gang scene, which is mainly located in Eastern Europe, new mergers are constantly taking place. As a result, powerful attack tools (malware) are falling into more and more hands.
  • Criminal hackers are developing more and more skills to attack and disrupt OT networks. This is matched by an increasing number of newly identified security gaps or vulnerabilities in OT environments.
  • Russia’s military aggression against Ukraine is causing ransomware groups to take sides and likely launch retaliatory attacks against critical Western infrastructure.
  • Transport infrastructure operators may be urged to pay ransoms to avoid critical business and social consequences.

It’s not just European authorities that are warning: In early March, the US transportation security agency NTSB issued new emergency security protocols for airport operators and airlines – due to “ongoing cybersecurity threats to critical infrastructure”.

Who is behind the attacks?

The greatest threat potential comes from ransomware gangs such as Lockbit and ALPHV, which make their digital attack infrastructure available to third parties for a fee and have repeatedly struck in Switzerland.

In its list of serious incidents from the past two years, the current report from the EU Cyber Security Agency details two hacker attacks that hit local companies in the aviation industry:

  • In March 2021, the details of hundreds of thousands of passengers were stolen in a “sophisticated” hacker attack on Geneva IT system operator Sita.
  • In February 2022, ALPHV (Blackcat) claimed responsibility for a ransomware attack on airport service company Swissport.

The report also mentions an attack on the General Shipping Company on Lake Geneva (CGN) in August 2021. Hackers manipulated the ticketing system on the transport company’s website and managed to steal the credit card information of some customers.

State hackers

In addition to criminal attackers, hackers who mainly engage in corporate espionage on behalf of the state are also an increasing threat. The origin of such attacks often points to Russia or China, although attribution is virtually impossible.

According to the ENISA report, such state hackers have been particularly interested in the maritime sector for the past two years and have targeted companies there.

However, most hacking attacks on the European transport sector were carried out by criminals with financial motives. Whether the cyber attack on the Swiss Federal Railways (SBB) in March 2023 belongs to this category has still not been officially confirmed.

This brings us to a crucial point.

Where is the problem on the side of the companies?

In their analysis, the European cybersecurity experts come to a conclusion that corresponds to the experiences of the watson editor about the situation in Germany:

“In general, cyber-attacks are rarely reported, especially attacks with a low impact or near misses. Most organizations prefer to solve the problem internally and avoid bad publicity.”

Due to the lack of reliable data from the affected organizations, it is very difficult to fully understand the problem or even know how many cyber attacks on the transport sector are actually taking place.

Even if we analyze the information published by the criminals on dark web leak sites, it is very difficult, if not impossible, to determine the actual number of such attacks.

“The main piece of information that is missing is the technical explanation of how the attackers gained access to the targets. This is usually private data that describes the security status of the target and is therefore never shared with the public. As a result, we as a community only learn piecemeal and isolated from the problems to be solved.”

It should be noted that in the future the operators of critical infrastructures in Switzerland will have to report cyber-attacks with a significant potential for damage to the federal government if, after the National Council, the Council of States also agrees to a corresponding bill. The Center for Cyber Security (NCSC) is intended as the reporting point.

Sources

  • enisa.europa.eu: ENISA Transport Threat Landscape (pdf)
  • therecord.media: Ransomware ‘likely’ targets transport OT systems, EU cyber agency warns

Source: Watson
