Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA

Ransomware and data-related attacks are the top cybersecurity threats to the transport sector in the EU, ENISA says.

Ransomware has become the top threat to the transport sector in the EU, and the European Union Agency for Cybersecurity (ENISA) expects ransomware groups to disrupt operational technology (OT) systems.

The overall number of cyberattacks targeting aviation, maritime, railway and road transport organizations increased between January 2021 and October 2022, with cybercriminals responsible for most of the incidents (54%), according to a new report from ENISA.

Ransomware emerged as the primary threat, being used in 38% of the observed incidents, with data-related attacks taking the second position, at 30%.

Malware (17%), DoS and DDoS (16%), phishing (10%) and supply chain attacks (10%) were also observed, along with breaches, fraud, and vulnerability exploitation.

As part of a ransomware attack, threat actors compromise a target’s systems, deploy file-encrypting malware, and demand a ransom payment in exchange for decryption keys. Representing a significant portion of the identified incidents, including several high-profile attacks, ransomware is presented separately from malware.

“The data on incidents collected until October 2022 indicate an increase in reporting of ransomware attacks during 2022. The number of ransomware attacks reported to the transport sector almost doubled, rising to 25% in 2022 from 13% during 2021. Contrary to ransomware, we observed a decline in malware incidents in 2022 compared to 2021 (from 11% to 6%),” ENISA explains.

The agency has reiterated its previous warning that “ransomware groups will likely target and disrupt OT operations in the foreseeable future.”

It noted that, until now, OT systems and networks were only affected when entire networks were impacted or when safety-critical IT systems became unavailable.

However, ENISA believes we will see OT systems in the transportation sector being directly targeted due to several factors, including an increasing number of industrial control system (ICS) vulnerabilities, growing IT-OT connectivity, and the significant business and social impact of such an incident, which increases the cybercriminals’ chances of getting paid.  

The number of data-related incidents, which include both data breaches and data leaks, has declined compared to ransomware, but remains high. The observed attacks have impacted the information of employees and passengers, as well as corporate data and intellectual property.

An analysis of the threat actor activity targeting the transport sector shows that cybercriminals are the main threat, followed by hacktivists – mainly responsible for an increase in DDoS attacks and motivated by operational disruption and ideological beliefs – and state-sponsored groups.

Financial gain, operational disruption and espionage were the main identified motivations for the observed attacks, but a motive has not been determined for roughly one-third of the observed attacks.

“More than half of the incidents observed in the reporting period were linked to cybercriminals (55%). This is also linked with the motivation behind these attacks which is predominately financial gain (38%). The transport sector is considered a lucrative business for cybercriminals, with customer data considered a commodity and with highly valuable proprietary information when the transport supply chain is being targeted,” ENISA notes.

Aviation emerged as the most targeted sector (accounting for 28% of the attacks), followed by road transport (24%), railway (21%), and maritime transport (18%).

Transport authorities were the primary target of the attacks, followed by railway undertakings and infrastructure managers in the railway sector, port operators, airlines, service providers, OEMs, airport operators, surface transport operators, and the supply chain.

ENISA’s report provides a full breakdown of the observed attacks by sector and threat actor motivation.

Related: Toyota’s Japan Production Halted Over Suspected Cyberattack

Related: Car Parts Giant Denso Targeted by Ransomware Group

Related: Port of Houston Target of Suspected Nation-State Hack

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
