A ransomware hack has blocked a critical logistics tool for Denmark’s largest railway company. DSB is the leading Danish railway operating company. The company was the victim of an impressive cyber attack on October 29, 2022. It cripple the country’s entire railway network for several hours. This is the first time a hack has blocked all travel nationwide.
No known cyber criminal groups have come forward, so it is not known who was responsible for the attack. The Danish company confirmed that it was a criminal attack. The railway network resumed its rhythm at the end of the day. But the flaw is now clearly visible to all hackers.
Railways on cybercrime’s radar
The consequences of this attack in Denmark are still unprecedented. But this is not the first time a railway company has fallen victim to a cyber attack. Train display systems were hacked in Italy last March, while the ticketing system in the UK was crippled by ransomware a year ago. Belarusian hacktivists also blocked the national rail network earlier this year, when the Minsk regime was transporting weapons to help Russia attack the Ukrainian capital Kiev.
Hundreds of thousands of impacted users and high media visibility are two arguments that make railroad companies a prime target for hackers. The United States has taken the lead this month. The Transportation Security Administration (TSA), the authority in charge of transportation security, has issued a new directive to strengthen the cyber protection of the railway network.
A Software Supply Chain intrusion
A security incident at Supeo, a Danish firm that provides enterprise asset management solutions to railroads, infrastructure operators, and public transportation agencies, resulted in the incident. The company chose to shut down its systems as a result of the ransomware incident, which led to train delays. As a result, train drivers’ software stopped working.
Supeo provides a smartphone application. It gives train drivers critical operational information. Speed limits and railroad maintenance details for example. Carsten Dam Sonderbo-Jacobsen, DSB’s chief of security, declared that “We were contacted by our subcontractor who told us that their testing environment had been compromised by criminal hackers.”
The cyber attack did not target DSB computer network, but they in fine suffered from the consequences of it with the supply chain infection. Supply chain software vulnerabilities are more and more targeted by cybercriminal and state-sponsored adversaries. Software suppliers must implement supply-chain cybersecurity best practices to ensure the resilience of their product and their own customer.