DDoS attacks delay trains, halt transportation services in Sweden

A series of distributed denial of service attacks aimed at Sweden's transportation services caused train delays and disrupted other travel services earlier this week.

The first attack took place on 11 October, striking the Swedish Transport Administration (Trafikverket) via its two internet service providers, TDC and DGC. The DDoS bombardment reportedly crashed the IT system that monitors trains' locations and tells operators when to go or stop. It also took down the federal agency's email system, website, and road traffic maps.

During this time, customers were unable to make reservations or receive updates on the delays, BleepingComputer reported, citing local Swedish press.

"The overload affected all our web-based systems, from train traffic to website and Skype and other systems. Now we make sure everything is working properly and, of course, review how to do it again," said Sven Lindberg from Trafikverket's press department, according to Computer Sweden.

As a result, train traffic and other services reportedly had to be managed manually, using back-up processes.

The next day, a second DDoS attack impacted the website of the Swedish Transport Agency, a separate governmental body responsible for regulating and inspecting transportation systems. It also hit Western Sweden public transport operator Vasttrafik, reportedly crashing its ticket booking app and online travel planning service.

Stephanie Weagle, VP at Corero Network Security, emailed SC Media UK to comment: “Critical infrastructure operators, like transportation, cannot leave DDoS attack protection to chance. The reported example of DDoS attacks against Sweden's transport agencies proves just how damaging a DDoS attack can be if not properly protected.

“Recent Freedom of Information data revealed that most UK critical infrastructure organisations (51 percent) are potentially vulnerable to these attacks, because they do not detect or mitigate short-duration surgical DDoS attacks on their networks. As a result, just five percent of these infrastructure operators admitted to experiencing DDoS attacks on their networks in the past year (to March 2017). However, if 90 percent of the DDoS attacks on their networks are also shorter than 30 minutes, as experienced by Corero customers, the real figure could be considerably higher.”