Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA
Ransomware has become the top threat to the transport sector in the EU, and the European Union Agency for Cybersecurity (ENISA) expects ransomware groups to disrupt operational technology (OT) systems.
The overall number of cyberattacks targeting aviation, maritime, railway and road transport organizations has increased between January 2021 and October 2022, with cybercriminals responsible for most of the incidents (54%), according to a new report from ENISA.
Ransomware emerged as the primary threat, being used in 38% of the observed incidents, with data related attacks taking the second position, at 30%.
Malware (17%), DoS and DDoS (16%), phishing (10%) and supply chain attacks (10%) were also observed, along with breaches, fraud, and vulnerability exploitation.
As part of a ransomware attack, threat actors compromise a target’s systems, deploy file-encrypting malware, and demand a ransom payment in exchange for decryption keys. Representing a significant portion of the identified incidents, including several high-profile attacks, ransomware is presented separately from malware.
“The data on incidents collected until October 2022 indicate an increase in reporting of ransomware attacks during 2022. The number of ransomware attacks reported to the transport sector almost doubled, rising to 25% in 2022 from 13% during 2021. Contrary to ransomware, we observed a decline in malware incidents in 2022 compared to 2021 (from 11% to 6%),” ENISA explains.
The agency has reiterated its previous warning that “ransomware groups will likely target and disrupt OT operations in the foreseeable future.”
It noted that, until now, OT systems and networks were only affected when entire networks were impacted or when safety-critical IT systems became unavailable.
However, ENISA believes we will see OT systems in the transportation sector being directly targeted due to several factors, including an increasing number of industrial control system (ICS) vulnerabilities, growing IT-OT connectivity, and the significant business and social impact of such an incident, which increases the cybercriminals’ chances of getting paid.
The number of data-related incidents, which include both data…
