
Why there is a risk of even more dangerous attacks after the cyber attack on SBB

Ransomware gangs pose the biggest threat to transport companies, according to a European cybersecurity report. And the experts warn of devastating attacks on so-called OT systems.
Daniel Schurter

A recent report from the European Union Agency for Cybersecurity (ENISA) makes you think and should also worry those responsible at SBB.

According to the 50-page analysis published on Tuesday, ransomware attacks are the biggest cyber threat to the transport sector in Europe. But it’s not just about the known extortion attempts so far.

While most ransomware attacks to date have targeted IT systems such as databases, the European Cybersecurity Authority warns that criminal hacker gangs are likely to target and disrupt OT systems in the near future, which can have serious consequences for society as a whole.

Why is there a new danger for transport companies?

OT stands for Operational Technology. This refers to systems that typically monitor or control mechanical processes. This makes them particularly important for the security of airports, ports, railways and other aspects of the transport sector, according to a report by the English-language online medium The Record.

The EU agency ENISA says it has not received “reliable information” about a specific cyber attack that could endanger road safety. In its analysis, however, it gives several reasons why the danger of devastating cyberattacks has increased:

  • The ongoing digital transformation and the merging of originally separate IT and OT networks make the systems vulnerable.
  • In the ransomware gang scene, which is mainly located in Eastern Europe, new mergers are constantly taking place. As a result, powerful attack tools (malware) are falling into more and more hands.
  • Criminal hackers are developing more and more skills to attack and disrupt OT networks. This is matched by an increasing number of newly identified security gaps or vulnerabilities in OT environments.
  • Russia’s military aggression against Ukraine is causing ransomware groups to take sides and likely launch retaliatory attacks against critical Western infrastructure.
  • Transport infrastructure operators may be urged to pay ransoms to avoid critical business and social consequences.

It’s not just European authorities that are warning: In early March, the US transportation security agency NTSB issued new emergency security protocols for airport operators and airlines – due to “ongoing cybersecurity threats to critical infrastructure”.

Who is behind the attacks?

The greatest threat potential comes from ransomware gangs such as Lockbit and ALPHV, which make their digital attack infrastructure available to third parties for a fee and have repeatedly struck in Switzerland.

In its list of serious incidents from the past two years, the current report from the EU Cyber Security Agency details two hacker attacks that hit local companies in the aviation industry:

  • In March 2021, the details of hundreds of thousands of passengers were stolen in a “sophisticated” hacker attack on Geneva IT system operator Sita.
  • In February 2022, ALPHV (Blackcat) claimed responsibility for a ransomware attack on airport service company Swissport.

The report also mentions an attack on the General Shipping Company on Lake Geneva (CGN) in August 2021. Hackers manipulated the ticketing system on the transport company’s website and managed to steal the credit card information of some customers.

State hackers

In addition to criminal attackers, hackers who mainly engage in corporate espionage on behalf of the state are also an increasing threat. The origin of such attacks often points to Russia or China, although attribution is virtually impossible.

According to the ENISA report, such state hackers have been particularly interested in the maritime sector for the past two years and have targeted companies there.

However, most hacking attacks on the European transport sector were carried out by criminals with financial motives. Whether the cyber attack on the Swiss Federal Railways (SBB) in March 2023 belongs to this category has still not been officially confirmed.

This brings us to a crucial point.

Where is the problem on the side of the companies?

In their analysis, the European cybersecurity experts come to a conclusion that corresponds to the experiences of the watson editor about the situation in Germany:

“In general, cyber-attacks are rarely reported, especially attacks with a low impact or near misses. Most organizations prefer to solve the problem internally and avoid bad publicity.”

Due to the lack of reliable data from the affected organizations, it is very difficult to fully understand the problem or even know how many cyber attacks on the transport sector are actually taking place.

Even if we analyze the information published by the criminals on dark web leak sites, it is very difficult, if not impossible, to determine the actual number of such attacks.

“The main piece of information that is missing is the technical explanation of how the attackers gained access to the targets. This is usually private data that describes the security status of the target and is therefore never shared with the public. As a result, we as a community only learn piecemeal and isolated from the problems to be solved.”

It should be noted that in the future the operators of critical infrastructures in Switzerland will have to report cyber-attacks with a significant potential for damage to the federal government if, after the National Council, the Council of States also agrees to a corresponding bill. The Center for Cyber Security (NCSC) is intended as a reporting point.

Sources

  • enisa.europa.eu: ENISA Transport Threat Landscape (pdf)
  • therecord.media: Ransomware ‘likely’ targets transport OT systems, EU cyber agency warns

Source: Watson
