This new report maps and analyzes cyber incidents related to aviation, maritime, rail and road transport covering the period from January 2021 to October 2022.
The report provides new insights into cyber threats to the transportation sector. In addition to identifying key threats and analyzing incidents, the report assesses threat actors, analyzes their motivations and presents key trends for each sub-sector.
“Transport is a key sector of our economy that we depend on in our personal and professional lives,” said Juhan Lepassaar, Executive Director of the European Union Cybersecurity Agency. Understanding the distribution of cyber threats, drivers, trends and patterns, as well as their potential impact, is crucial if we are to improve the cybersecurity of the critical infrastructures in question.
Main threats affecting the transportation sector
Ransomware attacks;
Data related threats;
Malware;
Denial of service (DoS) attacks, distributed denial of service (DDoS) attacks, and ransom denial of service (RDoS) attacks;
Phishing/spear phishing;
Supply chain attacks.
Ransomware attacks became the most prominent threat against the sector in 2022, with attacks almost doubling, rising from 13% in 2021 to 25% in 2022. These are closely followed by data-related threats (breaches and leaks) as cybercriminals target credentials, employee and customer data as well as intellectual property for profit. The attacks are considered planned and opportunistic, as we have not observed any known groups targeting the transportation sector exclusively.
More than half of the incidents observed during the reporting period were linked to cybercriminals (55%). They apply the “follow the money” philosophy in the way they work.
Attacks by hackers are on the rise. A quarter of attacks are linked to hacking groups (23%). Their attacks are usually motivated by the geopolitical environment, aiming to disrupt operations, or guided by ideological motives. These actors mostly resort to DDoS attacks and mainly target European airports, railways and transport authorities. These attacks are concentrated in specific regions and are affected by current geopolitical tensions.
State-sponsored actors are often attributed with targeting the maritime sector or government transport authorities. These incidents are part of the “All Modes of Transport” category, which includes incidents targeting the transport sector as a whole. Thus, this category includes national or international transport organizations from all sub-sectors as well as ministries of transport.
Observed incidents in each sector
Aviation
Aviation faces multiple threats, with data-related threats the most prominent, along with ransomware and malware. Airline customer data and original equipment manufacturers' (OEM) proprietary information are the key assets targeted in this sector. Fraudulent websites impersonating airlines have become a major threat in 2022, while the number of ransomware attacks affecting airports has increased.
Maritime
Threats targeting the maritime sector include ransomware, malware and phishing attacks targeting port authorities, port operators and manufacturers. State-sponsored attackers often carry out politically motivated attacks that disrupt operations at ports and on board ships.
Railroad
For the railway sector, the threats identified range from ransomware to data-related threats that primarily target IT systems such as passenger services, ticketing systems and mobile applications, causing service disruptions. Hacking groups are launching DDoS attacks against railway companies at an increasing rate, primarily due to the Russian invasion of Ukraine.
Road
Threats to the road sector are mostly ransomware attacks, followed by data-related threats and malware. The automotive industry, especially OEM and Tier-X suppliers, has been targeted by ransomware that has led to production disruptions. Data threats primarily target IT systems to obtain customer and employee data as well as proprietary information.
On data availability and reliability: challenges in incident reporting
Although ENISA has collected data from a variety of sources to conduct its analysis, knowledge and information regarding incidents remains limited to those incidents that have been officially reported and for which information has been publicly disclosed. Such disclosed incidents on which ENISA based its analysis and conclusions are likely to underrepresent reality if those that are not disclosed outnumber those that are made public.
Although Member States have legal requirements for mandatory incident reporting, cyber attacks are often detected by the attacker first.
In the European Union, the additional notification provisions for security incidents in the revised Directive on measures to achieve a common high level of cybersecurity across the Union (NIS2) are intended to support better mapping and understanding of relevant incidents.
Background
ENISA’s threat landscape reports help decision-makers, policymakers and security professionals define strategies to defend citizens, organizations and cyberspace. This work is part of the EU Cybersecurity Agency’s annual work program to provide strategic intelligence to stakeholders.
Information sources used for the purpose of this study include open source intelligence (OSINT) and the agency’s own cyber threat intelligence capabilities. The work also integrates information from desk research of available data such as news articles, expert opinions, intelligence reports, incident analyses, and security research reports.
The data analyzed also result from inputs received within the framework of interviews conducted with members of the ENISA Cyber Threat Landscape Working Group (CTL Working Group).
The analysis and opinions included in ENISA’s threat landscape reports are industry and vendor neutral.
More information
ENISA Threat Landscape: Transport Sector 2023
ENISA Threat Landscape 2022 – Chart
ENISA Threat Landscape Report 2022
ENISA threat supply chain landscape
ENISA Ransomware Threat Landscape – May 2021 – June 2022
Directive on measures to achieve a common high level of cybersecurity across the Union (NIS2)
Contact
For press questions and interviews, please contact press (at) enisa.europa.eu