Between January 2021 and October 2022, the EU Agency for Cybersecurity (ENISA) analyzed and mapped the cyber threats faced by the transport sector, identifying prime threats, analyzing incidents, assessing threat actors, analyzing their motivations, and introducing major trends for each sub-sector, thereby providing new insights.
EU Agency for Cybersecurity Executive Director, Juhan Lepassaar, stated that “Transport is a key sector of our economy that we depend on in both our personal and professional lives. Understanding the distribution of cyber threats, motivations, trends and patterns as well as their potential impact, is crucial if we want to improve the cybersecurity of the critical infrastructures involved.”
Attacks by hacktivists are on the rise
The prime threats identified are:
- Ransomware attacks
- Data-related threats
- Denial-of-service (DoS), distributed denial-of-service (DDoS) and ransom denial-of-service (RDoS) attacks
- Phishing / spear phishing
- Supply-chain attacks
Ransomware attacks became the most prominent threat against the sector in 2022, almost doubling from 13% in 2021 to 25% in 2022. They are closely followed by data-related threats (breaches, leaks), as cybercriminals target credentials, employee and customer data, and intellectual property for profit.
The attacks are considered opportunistic in nature, as we have not observed known groups targeting the transport sector exclusively.
More than half of the incidents observed in the reporting period were linked to cybercriminals (55%). They apply the “follow the money” philosophy in their modus operandi.
One fourth of the attacks (23%) are linked to hacktivist groups, whose attacks are usually linked to the geopolitical environment and either aim at operational disruption or are guided by ideological motivation.
These actors mostly resort to DDoS attacks and mainly target European airports, railways and transport authorities. These attacks are concentrated in specific regions, and their rate is affected by current geopolitical tensions.
Attacks attributed to state-sponsored actors more often targeted the maritime sector or government transport authorities. These are part of the ‘All transport’ category, which includes incidents targeting the transport sector as a whole.
This category therefore includes national or international transport organisations of all subsectors as well as ministries of transport.
Cyber threats in the transport sector
Faced with multiple threats, aviation contends with data-related threats as the most prominent, coupled with ransomware and malware. Customer data of airlines and proprietary information of OEMs are the prime targeted assets of the sector. Fraudulent websites impersonating airlines have become a significant threat in 2022, while the number of ransomware attacks affecting airports has increased.
Threats targeting the maritime sector include ransomware, malware, and phishing attacks targeted towards port authorities, port operators, and manufacturers. State-sponsored attackers often carry out politically motivated attacks leading to operational disruptions at ports and on vessels.
For the railway sector, the threats identified range from ransomware to data-related threats, primarily targeting IT systems such as passenger services, ticketing systems, and mobile applications, and causing service disruptions. Hacktivist groups have been conducting DDoS attacks against railway companies at an increasing rate, primarily due to Russia’s invasion of Ukraine.
The threats in the road sector are predominantly ransomware attacks, followed by data-related threats and malware. The automotive industry, especially OEM and tier-X suppliers, has been targeted by ransomware which has led to production disruptions. Data-related threats primarily target IT systems to acquire customer and employee data as well as proprietary information.