DSB, the Danish state rail operator, was hit by a distributed denial-of-service (DDoS) cyber attack on Sunday, April 13.
A DDoS attack attempts to disrupt a host or network from connecting to the Internet in order to render a network or machines unavailable.
It meant that passengers were unable to buy tickets on Sunday, and purchases through DSB’s ticket machines, app, website and retail stores (7-Eleven) could not be processed. Tickets were only available through inspectors on board trains, and only passengers with Rejsekort travel cards were unaffected.
DSB Vice-director Aske Wieth-Knudsen said, “Our technicians and IT contractors have analysed this closely during the night and have concluded this is an outside attack in which someone has attempted to bring our system down.”
The cyber attack also restricted communications. Telephone systems and internal mail were affected, so DSB had to resort to social media and ground staff to communicate the delays to customers.
The attack was not something DSB had encountered before. “The [sic] type of attack we saw yesterday is a new way of doing things that we haven’t seen before. So a little more close analysis is required for us to see what exactly happened so we can prevent a reoccurrence,” Wieth-Knudsen told news outlet DR.
In response to the growing concern over ransomware and malware, IT Governance now provides a scalable solution for staff awareness training. Our Phishing and Ransomware – Human patch e-learning course explains the threat that ransomware presents to organisations, and gives details of the resources available to help you understand and combat those threats. We also offer a more detailed Phishing Staff Awareness Course.
For larger organisations, we offer a three-day