Carding
Professional
- Messages
- 2,870
- Reaction score
- 2,494
- Points
- 113
Experts wanted to take measures in advance, but the train had already left.
The company Belt Railway, which is based in Bedford Park (Illinois), was the victim of a cyber attack. This is the largest railroad company in the United States, engaged in sorting and transporting goods. It is owned by six railway companies in the United States and Canada.
On Thursday evening, the hacker group Akira published on its website information about the theft of 85 GB of data. There is no information yet on whether criminals are demanding a ransom. According to General Counsel Christopher Steinway, internal processes were not affected by the incident.
Belt Railway has hired a cybersecurity firm to investigate. We also cooperate with federal law enforcement agencies.
Experts suggest that the reason for the successful attack could be vulnerabilities in outdated software that has not been updated for years. The company also probably didn't invest enough in cybersecurity before the incident.
The attack occurred after measures to improve the cybersecurity of railways taken by the US Transportation Security Administration (TSA, Transportation Security Administration). In 2021, the administration introduced new rules requiring carriers to segment computer networks, monitor access, and track threats.
Just four weeks before the incident, Belt Railway announced that it was going to listen to the recommendations of the TSA in the near future and take action. As IT Director Robert Whitlock noted, the company planned to conduct training exercises the day before.
However, despite the training, the organization has become an easy target for hackers.
Earlier in 2022, US railway companies CSX and Union Pacific were attacked. Experts have repeatedly warned industry representatives about vulnerabilities.
The Akira hacker group that hacked Belt Railway is known for numerous attacks on organizations in various fields since March 2023.
The company Belt Railway, which is based in Bedford Park (Illinois), was the victim of a cyber attack. This is the largest railroad company in the United States, engaged in sorting and transporting goods. It is owned by six railway companies in the United States and Canada.
On Thursday evening, the hacker group Akira published on its website information about the theft of 85 GB of data. There is no information yet on whether criminals are demanding a ransom. According to General Counsel Christopher Steinway, internal processes were not affected by the incident.
Belt Railway has hired a cybersecurity firm to investigate. We also cooperate with federal law enforcement agencies.
Experts suggest that the reason for the successful attack could be vulnerabilities in outdated software that has not been updated for years. The company also probably didn't invest enough in cybersecurity before the incident.
The attack occurred after measures to improve the cybersecurity of railways taken by the US Transportation Security Administration (TSA, Transportation Security Administration). In 2021, the administration introduced new rules requiring carriers to segment computer networks, monitor access, and track threats.
Just four weeks before the incident, Belt Railway announced that it was going to listen to the recommendations of the TSA in the near future and take action. As IT Director Robert Whitlock noted, the company planned to conduct training exercises the day before.
However, despite the training, the organization has become an easy target for hackers.
Earlier in 2022, US railway companies CSX and Union Pacific were attacked. Experts have repeatedly warned industry representatives about vulnerabilities.
The Akira hacker group that hacked Belt Railway is known for numerous attacks on organizations in various fields since March 2023.
