Transportation

(9) attackers

Understanding the cyber threat:

In the age of automation and networking, recent years have seen an overwhelming increase in cyber attacks against the transport industry. With the proliferation of attackers and of their modus operandi, IT systems are often too vulnerable, and attackers are finding more and more entry points into increasingly vulnerable systems. In addition, a number of global events in 2020, such as the COVID-19 pandemic, have favoured attacks against this sector. Indeed, in this period of coronavirus, attacking those in the second line unfortunately makes sense for malicious individuals. The transport and logistics sector fulfils vital missions and therefore needs more than ever to have fully operational information systems. The transport sector is made up of six sub-sectors: public transport and passenger rail, pipeline systems, road and highway transport, the maritime transport system, rail freight, and postal and maritime transport. The sector’s vital interconnectedness and global presence make it a tempting target for hackers.

In the rail industry, traditional wire-based train control and management systems (TCMS), which had only limited communication with external systems, are giving way to wireless standards like GSM-Railway, a relatively broad network linking trains to railway regulation control centers. As is the case for all mobility providers these days, T&L companies use vehicle infotainment services and other equipment that add another layer of internet-connected communications.

In every segment of the transportation industry, the widened cyber-attack surface is evident. For instance, among maritime companies, relatively simple distress-and-safety systems have been replaced by full-fledged, cloud-based, local area networks, like the International Maritime Organization’s (IMO) e-navigation program. These networks are a tempting target for hackers because they collect, integrate, and analyze on-board information continuously to track ships’ locations, cargo details, maintenance issues, and a host of oceanic environmental considerations.

The fallout from cyber attacks can sometimes be felt by organizations for many months. In addition to service interruptions, cybercrime can also impact daily operations and result in the exposure of sensitive data.

Below are sample impacts of cyber attacks in the transportation sector:

• Disruption to traffic lights, toll booths and electronic traffic signs

• Interruption of ticket machines and fare gates

• Blocked access to important files and data

• Theft of sensitive information from emails

• Interruption of payroll services

• Theft of personally identifiable information (“PII”).

• Blocked access to computer systems, resulting in employees using personal devices for work.

Transportation is the tenth most costly industry for experiencing a data breach. On average, breaches cost transit companies $3.58 million per incident and take 275 days to contain. As cyberattacks on the sector grow increasingly common, these figures could grow, leading to incredible losses.

Example of a devastating attack: in early May 2021, the Colonial Pipeline suffered a ransomware attack that forced it to shut down its entire network to prevent the malware from spreading.


ATK14

> Alias

Black Energy

BlackEnergy

...

> Suspected origin countries

Russia

> Suspected targeted countries

Estonia

France

...

> Target sectors

Energy

Government and administration agencies

...

> Motivations

Espionage

Sabotage

ATK4

> Alias

APT 37

APT37

...

> Suspected origin countries

North Korea

> Suspected targeted countries

China

Nepal

...

> Target sectors

Aerospace

Chemicals

...

> Motivations

Espionage

ATK5

> Alias

APT 28

APT28

...

> Suspected origin countries

Russia

> Suspected targeted countries

Afghanistan

Armenia

...

> Target sectors

Aerospace

Defense

...

> Motivations

Espionage

Political Manipulation

ATK17

> Alias

APT-32

APT-C-00

...

> Suspected origin countries

Vietnam

> Suspected targeted countries

Australia

China

...

> Target sectors

Communication

Defense

...

> Motivations

Espionage

ATK29

> Alias

APT 40

APT40

...

> Suspected origin countries

China

> Suspected targeted countries

Belgium

Cambodia

...

> Target sectors

Aerospace

Chemicals

...

> Motivations

Espionage

Information theft

ATK2

> Alias

APT 17

APT17

...

> Suspected origin countries

China

> Suspected targeted countries

Australia

Canada

...

> Target sectors

Aerospace

Defense

...

> Motivations

Espionage

ATK32

> Alias

FIN7

GOLD NIAGARA

...

> Suspected origin countries

Ukraine

Russia

> Suspected targeted countries

Australia

France

...

> Target sectors

Casino & Gaming

Communication

...

> Motivations

Financial Gain

ATK52

> Alias

APT-C-06

DUBNIUM

...

> Suspected origin countries

South Korea

> Suspected targeted countries

China

Japan

...

> Target sectors

Defense

Government and administration agencies

...

> Motivations

Espionage

ATK40

> Alias

APT 34

APT34

...

> Suspected origin countries

Iran

> Suspected targeted countries

Azerbaijan

Mauritius

...

> Target sectors

Aerospace

Aviation

...

> Motivations

Espionage