"Cyberattack Causes Trains to Stop in Denmark"

Trains stopped in Denmark recently as a result of a cyberattack.  The incident shows how an attack on a third-party IT service provider could result in significant disruption in the physical world.  According to a Danish broadcaster, all trains operated by DSB, the largest train operating company in the country, came to a standstill on Saturday morning and could not resume their journey for several hours.  It was noted that while this may sound like the work of a sophisticated threat actor that targeted operational technology (OT) systems in an effort to cause disruption, it was actually the result of a security incident at Supeo, a Danish company that provides enterprise asset management solutions to railway companies, transportation infrastructure operators, and public passenger authorities.  A DSB representative stated that Supeo might have been targeted in a ransomware attack.  The company noted that the disruption to trains came after Supeo decided to shut down its servers due to the cyberattack.  This led to a piece of software used by train drivers no longer working.  Threat actors attacking railways are not uncommon, with recent targets including Belarus, Italy, the UK, Israel, and Iran.

SecurityWeek reports: "Cyberattack Causes Trains to Stop in Denmark"