This Thursday, April 17, 2025, the French National Agency for Information Systems Security (ANSSI) published a new report on the "state of the cyber threat" affecting urban transport in France. The French authority indicates that it handled 123 security incidents against public transport, such as metros, buses, and trams, between January 2020 and December 2024.
Urban transport relies on large computer networks, used by many different stakeholders, such as operators, suppliers, and local authorities. All of these systems are interconnected and are not always protected in the same way. The whole thing is therefore particularly vulnerable to cyberattacks.
DDoS, data leaks and identity theft
Anssi specifies that it has recorded 91 reports, that is to say mainly "phishing campaigns, information disclosure (notably login credentials)", or "poor security practices" during the period. These reports were "brought to the attention of the agency" and "led to processing by operational teams". This does not systematically involve a computer attack.
However, the agency does indicate that it has recorded 32 incidents in the space of five years. For the agency, an incident is defined as "a security event where ANSSI is able to confirm that a malicious actor has successfully carried out actions on the information system." Following an investigation, the agency was able to confirm that the country's urban transport system was targeted by cybercriminals.
Most of the 123 incidents identified by ANSSI were caused "by claims of distributed denial of service (DDoS) attacks, data leaks, and identity theft." These types of attacks represent more than half of the problems reported to ANSSI agents. Good news, "no significant impact on the operations of the entities involved has been identified as a result of these activities.".
The Lure of Profit
In most cases, hackers who attack urban transport are looking to make money. Large companies that manage urban transport have become a prime target for the most opportunistic hackers, as their services are essential and cannot be interrupted. This makes transport the ideal target for ransomware.
Furthermore, transport handles a huge number of users daily. They are perfect targets for data theft or scams. Hackers try to cast their net wide. This is why they choose to attack urban transport, which has the highest user count. Urban transport in France welcomes millions of users every day. In the Île-de-France region, more than 34.6 million journeys are recorded daily, with more than 1.3 billion metro trips made in one year.
Destabilization and espionage
Furthermore, some of the cyberattacks orchestrated against French urban transport aimed to destabilize France. With this in mind, DDoS attacks were fomented by cybercriminals affiliated with foreign governments. Unsurprisingly, Anssi specifies that these attacks increased during the Paris 2024 Olympic and Paralympic Games. The events served as a "sounding board for the demands of these hacktivists". At the same time, France has been inundated with disinformation campaigns orchestrated by Russia.
ANSSI adds that urban transport can also "be the target of attacks for espionage purposes." Here again, these operations are carried out by foreign powers, such as Russia or China.
Source: CERT-FR
0 Comments