Article DETAILS

Trains in Denmark were halted due to a cyberattack on 05 November 2022. The incident illustrates how an attack on a third-party IT service provider could cause severe disruptions in the real world.

According to Danish network DR, all trains run by DSB, the country’s main train operator, came to a halt on Saturday morning and were unable to restart their journey for several hours.

Supeo, a Danish company that provides enterprise asset management solutions to railway companies, transportation infrastructure operators, and public passenger authorities, was the victim of a security incident. This may sound like the work of a sophisticated threat actor who targeted operational technology (OT) systems in an attempt to cause disruption.

Supeo was possibly the target of a ransomware attack. A DSB representative told Reuters that it was a “economic crime” although the company has not disclosed any details.

Trains were disrupted after Supeo chose to shut down its services in response to the cyber attempt. This caused a piece of software utilised by train drivers to cease functioning.

Supeo provides a smartphone application that train operators use to access vital operational data, such as speed limits and information on railroad maintenance. According to media sources, when the subcontractor decided to shut down its servers, the programme stopped working and train drivers were obliged to stop their trains.

It is not commonplace for threat actors to attack railways, with recent targets including Belarus, Italy, the United Kingdom, Israel, and Iran. Researchers have demonstrated that current train control systems are susceptible to hacking, although these most recent attacks targeted websites, ticketing systems, and other IT systems rather than control systems.

The Transportation Security Administration (TSA) in the United States recently published a new directive aimed at enhancing the cybersecurity of railroad operations.