Danish Trains Halted Through Cyberattack

By Dave McKay | November 9, 2022

Ransomware on Supplier’s Servers Halts Trains

Trains ground to a halt in Denmark on Oct. 29, 2022. Not through strike action, but because of a cyberattack. Attacks against critical infrastructure are not new. In the United States, the Transportation Security Administration (TSA) recently issued a new directive with the aim of improving the cybersecurity of railroad operations.

Attacks against critical infrastructure such as railways are almost always carried out by Advanced Persistent Threat groups, the state-sponsored cyber-offensive wings of governments. However, that isn’t what happened here. It appears that the disruption was caused by a cyberattack at a supplier. But there’s no indication that this was a supply-chain attack per se, where the supplier is strategically chosen to cause an impact on the real target.

Indications are that Supeo, a Danish company that provides software and solutions to rail operators and other public passenger authorities, suffered a ransomware attack.

The disruption to trains resulted from Supeo shutting down servers as it tried to manage the attack. This took offline a critical piece of software used to inform train drivers of speed limits and to provide information on work such as track maintenance. Without this vital, real-time information, the drivers had no option but to stop their trains.

Danish broadcaster DR reports:

All trains operated by DSB, the largest train operating company in the country, came to a standstill on Saturday morning and could not resume their journey for several hours.

Supeo has not shared any detailed information, but DSB’s chief of security, Carsten Dam Sonderbo-Jacobsen, told Reuters:

We were contacted by our subcontractor who told us that their testing environment had been compromised by criminal hackers. It hasn’t targeted infrastructure or DSB, it was economic crime.

Attacks against railways are not uncommon. Belarus, Italy, the UK, Israel and Iran have all suffered recent attacks.

Source: Security Week