Ransomware Will Target Transport Sector OT, Says ENISAEuropean Cybersecurity Agency Warns That Digital Extortion Is Coming for OT
Europe's cybersecurity agency predicts that hackers will take advantage of the growing overlap between information and operational technologies in the transport sector and disrupt OT processes in a targeted attack.
Recorded attacks in Europe and globally against the aviation, maritime, rail and road sectors are going up, says the European Union Agency for Cybersecurity in a report analyzing transport sector incidents from January 2021 until October 2022. The overall increase in known attacks could be a consequence of reporting requirements under the European Union directive on the security of network and information systems, ENISA allows, but it says ransomware attacks have grown in frequency and will become a tool wielded for political as well as financial motivations.
"Hacktivists will likely be attracted by the effectiveness and the impact that ransomware attacks can have and the media attention they attract," the agency says.
Russia's February 2022 invasion of Ukraine has tested the resilience of the global supply chain, putting governments and corporations on edge for signs of additional instability.
Hacktivist activity on the continent has spiked since the 2022 Russian invasion, often through distributed denial-of-service attacks against websites in the railway, airport and road sectors. "The capabilities of most pro-Russian hacktivists remain low and are largely limited to DDoS and defacement attacks," the report says. Ransomware attacks are mostly indiscriminate and opportunistic.
The Russian war of conquest of its European neighbor could change the risk calculus as ransomware groups start picking sides and conducting retaliatory attacks against critical Western infrastructure, ENISA says. That, plus the overlapping of IT and OT, means that "ransomware groups will likely target and disrupt OT operations in the foreseeable future."
During the nearly two-year period covered in the report, no attack appeared to have affected the safety of transportation. Hacktivists used ransomware in January 2022 to disrupt railway operations in Belarus with the stated aim of "preventing the presence of Russian troops on the territory of Belarus" (see: Hacktivists Hit Belarusian Railroad to Stop Russian Troops).
Of the four transportation subsectors studied by ENISA, the aviation sector endured slightly more cyberattacks than its counterparts. It withstood 28% of the known attacks, compared to 24% by the road sector, 21% by the rail sector and 18% within the maritime industry. Ransomware attacks affecting airports skyrocketed during 2022 compared to the previous year as did ransomware attacks in the road sector. Recorded ransomware attacks against the railway sector were slightly up as a percentage of total attacks, and the number of attacks remained static in the maritime industry.