Train operations in Denmark disrupted due to cyber attack
Train operations in Denmark were disrupted on Saturday due to a cyber-attack. The incident shows how an attack on a third-party IT service provider can significantly disrupt the physical world. According to the Danish broadcaster DR, all trains of DSB, the largest railway company operating in the country, stopped on Saturday morning and could not resume their journeys for several hours.
Although this may appear to be the work of a sophisticated threat actor focusing on operational technology (OT) to create chaos, it is actually the result of a security incident at Supeo, one of the IT partners of the Danish railway. Supeo provides enterprise asset management solutions for railway companies, transportation authorities, and public passenger authorities.
It is believed that Supeo may have been targeted in a ransomware attack. The company did not provide any information; however, DSB representatives informed the media that it was an “economic crime”.
The disruption began when Supeo decided to shut down its servers after the cyber-attack. As a result, a mobile application used by train drivers became inaccessible. Drivers use this application to access critical operational information, such as speed limits and information about ongoing rail operations.
According to media reports, the drivers had to halt train operations because the application stopped working when the servers were shut down. Adversaries targeting the transportation sector, especially railways, is not a new headline. Recently, countries such as Belarus, the United Kingdom, Iran, etc. have also faced such cyber incidents.
These incidents confirm that the latest train systems are easy targets for adversaries, who have targeted not only railway websites but also ticketing systems, including IT and other administrative systems. In light of these attacks, the TSA (the Transportation Security Administration of the USA) recently issued new regulations to improve the cyber security of rail operations.