National Academies Press: OpenBook

Cybersecurity in Transit Systems (2022)

Chapter: Appendix A - Cybersecurity Incidents

Suggested Citation:"Appendix A - Cybersecurity Incidents." National Academies of Sciences, Engineering, and Medicine. 2022. Cybersecurity in Transit Systems. Washington, DC: The National Academies Press. doi: 10.17226/26475.

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Cybersecurity Incidents

Incidents Involving Transit Agencies

April 2021: New York Metropolitan Transportation Authority (motive unknown, potentially espionage; China-based actors)
April 2021: Valley Transportation Authority San Jose, CA (malware; unknown)
December 2020: Unknown number of transit agencies (Sunburst/SolarWinds 3rd party; Russia-based actors)
December 2020: Vancouver Translink (Egregor ransomware as service; Ukraine connections)
October 2020: STM (Montreal) (RansomExx ransomware; unknown)
August 2020: SEPTA Philadelphia, PA (ransomware; unknown)
July 2020: Trinity Metro Fort Worth, Texas (Netwalker ransomware as service; unknown)
August 2019: Transport for London (TfL) (3rd party data breach; cybercrime data theft)
July 2019: New York City Metropolitan Transport Authority (server failure; attributed to software bug)
June/July 2019: SEPTA Philadelphia, PA (Magecart data theft, cybercrime)
May 2018: Danske Statsbaner Danish train operating company (denial-of-service attack; disruption)
January 2018: Metrolinx Suburban Toronto, Canada (malware; attributed to North Korea)
October 2017: Sweden national transportation network (denial of service attack; disruption)
May 2017: Germany, Russia, and China national rail networks (WannaCry malware: North Korea)
November 2016: San Francisco Muni light rail system (ransomware; unknown)
2016: South Korea metro and train systems (unknown; North Korea)

Transit fare cards have been an ongoing target. Survey of underground criminal forums and marketplaces from October 2017 to March 2020 found sales of compromised databases and services for loading funds into transit system accounts and for booking travel within Canada and the United States at discounted rates.
Incidents Involving Other Transportation Agencies

June 2021: Steamship Authority of Massachusetts (ransomware attack; unknown)
May 2020: Texas Department of Transportation (RansomExx ransomware; unknown)
Colorado Department of Transportation double attack (SamSam ransomware, Iran-based actors)
Feb 2019: Texas Department of Transportation (phishing page posing as TxDOT site; unknown)
March 2018: Hartsfield-Jackson Atlanta International Airport (ransomware; unknown)
October 2017: Kyiv Ukraine metro rail system, the Odessa International Airport, and the Ministry of Infrastructure of Ukraine (BadRabbit ransomware; unknown)
May 2017: Renault and Nissan UK automobile manufacturers (WannaCry malware: North Korea)

Incidents Involving Other Industries

April 2021: Codecov software developer (supply chain hack; unknown)
March 2021: U.S. government agencies and prisons (3rd party hack; Hacktivist collective)
December 2020/January 2021: Washington State Office of Auditor General unemployment benefits files (data theft; 3rd party software; unknown)
October 2020: Barnes & Noble (Egregor ransomware as service; Ukraine connections)
August 2017: Avast CCleaner software (supply chain malware; unknown)
June 2017: AP Møller – Mærsk (NotPetya malware; Russian GRU intelligence directorate)

Ransomware incidents from late 2019 and early 2020 affected companies in:
    Logistics and shipping companies: the Toll Group (by NetWalker and Nefilim ransomware families); Pitney Bowes (Ryuk ransomware); Henning Harders (Maze ransomware)
    Rail vehicle construction: Stadler, likely ransomware or other destructive malware
    Maritime cargo: unnamed U.S. maritime facility (Ryuk ransomware), affecting industrial control systems (ICS) that monitor and control cargo transfers.


The COVID-19 pandemic is having a profound effect on every infrastructure sector in North America, including transit systems, and on the information technology and operational technology systems that are embedded in their ongoing operations.

The TRB Transit Cooperative Research Program's TCRP Synthesis 158: Cybersecurity in Transit Systems identifies and documents emerging cybersecurity trends related to teleworking/remote worker offices, contactless customer services, real-time information services, transit-on-demand services, and cyber resilience affecting transit agencies now and in the near future as a consequence of the digital acceleration stimulated by the global pandemic of 2020–2021.
