Over the past year, there were at least four breaches of the UK railway network, researchers said.
The attacks were only basic reconnaissance operations, intrusions meant to map a network’s internal structure and gather information for future attacks, said researchers at Darktrace, a British security startup charged with protecting the railway network. The company did say these intrusions could have been accidental.
Before the UK incidents, attacks on a country’s railway network were detected in Ukraine this past winter, as part of the Black Energy attacks that also targeted the country’s energy grid and airports.
Railway networks are part of a country’s transportation system and are critical infrastructure.
“In an era of imperfect defenses and increasingly complex networks, determined threats can always get in,” said Dave Palmer, the chief technology officer of Darktrace, in a published report. “Today, all businesses can be affected, regardless of size or sector.”
The attackers appeared to be exploring the computer systems and didn’t actively attempt to disrupt anything.
It’s not clear who was behind the attacks, but it could have been nation-state attackers conducting surveillance exercises as part of “cyber espionage,” which involves entering computer systems that deal with government data and critical infrastructure to gather information.