Cybercriminals Now Targeting Public Transport, Warns ANSSI


According to the French National Agency for the Security of Information Systems (ANSSI), cybercriminals are increasingly targeting public transportation systems. This shift highlights the growing risk to critical infrastructure, emphasizing the need for robust cybersecurity measures in the transport sector.

Read more: ANSSI Report

You Should Know: Protecting Critical Infrastructure from Cyber Threats

Public transport systems rely heavily on interconnected IT and operational technology (OT) networks, making them vulnerable to cyberattacks. Below are key commands, tools, and steps to enhance security:

1. Network Monitoring & Intrusion Detection

  • Suricata IDS/IPS: Monitor network traffic for malicious activity.
    sudo apt-get install suricata
    sudo suricata -c /etc/suricata/suricata.yaml -i eth0
    
  • Zeek (Bro): Analyze network traffic for anomalies.
    sudo apt-get install zeek
    zeek -i eth0 local
    

2. Securing Industrial Control Systems (ICS)

  • Nmap Scan for OT Devices: Identify which ICS services (Modbus/TCP on 502, Siemens S7comm over ISO-TSAP on 102, EtherNet/IP on 44818) are reachable. Active scans can disturb fragile PLCs, so run them from an authorised host during a maintenance window, or prefer passive discovery from a network tap.
    nmap -sS -p 502,102,44818 --script modbus-discover <target_IP>

  • Shodan Search for Exposed ICS: Check whether any of your own Modbus endpoints are reachable from the internet; restrict the query to your organisation's address ranges.
    shodan search "port:502"

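The scan above produces a list of hosts and port states, and the defensive question is which of them are open ICS services that nobody intended to expose. The script below, added here as an example and not part of the original article or of Undercode's material, parses nmap's grepable (`-oG`) output for the three ports the article probes and reports open ICS ports on hosts that are not in an allowlist of known, intentionally reachable OT assets. The sample scan output, the IP addresses and the allowlist are constructed for the example.

```python
import re
from collections import defaultdict

# Ports probed by the article's nmap command, mapped to the ICS protocol
# normally found there (Modbus/TCP, Siemens S7comm over ISO-TSAP, EtherNet/IP).
ICS_PORTS = {502: "modbus", 102: "s7comm", 44818: "ethernet-ip"}

# Constructed sample of `nmap -sS -p 502,102,44818 -oG -` output; not real scan data.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -sS -p 502,102,44818 -oG - 192.168.10.0/29
Host: 192.168.10.5 ()\tStatus: Up
Host: 192.168.10.5 ()\tPorts: 502/open/tcp//mbap///, 102/closed/tcp//iso-tsap///, 44818/filtered/tcp//EtherNet-IP-2///
Host: 192.168.10.6 (plc-line2.local)\tPorts: 502/open/tcp//mbap///, 102/open/tcp//iso-tsap///, 44818/open/tcp//EtherNet-IP-2///
Host: 192.168.10.7 ()\tPorts: 502/closed/tcp//mbap///, 102/closed/tcp//iso-tsap///, 44818/closed/tcp//EtherNet-IP-2///
# Nmap done: 3 IP addresses (3 hosts up) scanned
"""

# Grepable format: "Host: <ip> (<hostname>)<TAB>Ports: <port>/<state>/<proto>/<owner>/<service>/<rpc>/<version>/, ..."
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\tPorts:\s+(.*)$")
PORT_RE = re.compile(r"^(\d+)/(\w+)/(\w+)/")


def parse_gnmap(text):
    """Return {ip: {port: state}} for every 'Ports:' line in grepable output."""
    hosts = defaultdict(dict)
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and 'Status:' lines carry no port data
        ip, _hostname, ports_field = m.groups()
        for entry in ports_field.split(", "):
            pm = PORT_RE.match(entry.strip())
            if pm:
                port, state, _proto = pm.groups()
                hosts[ip][int(port)] = state
    return dict(hosts)


def exposed_ics_services(hosts, allowlist=frozenset()):
    """List (ip, port, protocol) for open ICS ports on hosts that are not
    in the allowlist of known, intentionally reachable OT assets."""
    findings = []
    for ip, ports in sorted(hosts.items()):
        if ip in allowlist:
            continue
        for port, state in sorted(ports.items()):
            if state == "open" and port in ICS_PORTS:
                findings.append((ip, port, ICS_PORTS[port]))
    return findings


if __name__ == "__main__":
    inventory = parse_gnmap(SAMPLE_GNMAP)
    # 192.168.10.6 is a documented PLC (constructed allowlist entry); anything else is a finding.
    for ip, port, proto in exposed_ics_services(inventory, allowlist={"192.168.10.6"}):
        print(f"{ip}:{port} ({proto}) is reachable from the scanning host and not on the asset list")
```

Feed it a real file with `nmap ... -oG scan.gnmap` and `parse_gnmap(open("scan.gnmap").read())`; the allowlist is the place to encode the OT asset inventory, so the report only shows drift from what is documented.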

3. Preventing Ransomware Attacks

  • Disable SMBv1 (the protocol exploited by WannaCry); a reboot is needed for the change to take effect:
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

  • Enable Windows Defender Attack Surface Reduction rules (rule GUIDs are listed in Microsoft's ASR documentation; putting a rule in AuditMode first shows what it would block before it is enforced):
    Set-MpPreference -AttackSurfaceReductionRules_Ids <rule_ID> -AttackSurfaceReductionRules_Actions Enabled


4. Log Analysis for Threat Hunting

  • ELK Stack (Elasticsearch, Logstash, Kibana) as a SIEM; the packages come from Elastic's own APT repository, which has to be added before this install succeeds:
    sudo apt-get install elasticsearch kibana logstash

  • Search for Suspicious Logins in Linux (on distributions that log only to the systemd journal, query the journal for sshd instead of auth.log):
    grep "Failed password" /var/log/auth.log

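The grep above shows individual failures; what a threat hunter actually wants is the source addresses that fail repeatedly in a short time, which is the signature of a password-guessing campaign rather than a user mistyping a password. The script below is an added example, not code from the article or from Undercode: it parses the `Failed password` lines of a syslog-format auth.log (including the `invalid user` variant), groups them by source IP and flags any IP with a configurable number of failures inside a sliding time window. The log lines, hostnames and addresses are constructed, and the year is supplied by the caller because traditional syslog timestamps omit it.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of /var/log/auth.log (traditional syslog format, no year); not from a real host.
SAMPLE_AUTH_LOG = """\
Mar  3 08:14:01 gw1 sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 08:14:03 gw1 sshd[2101]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar  3 08:14:05 gw1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Mar  3 08:14:09 gw1 sshd[2105]: Failed password for invalid user operator from 203.0.113.7 port 51244 ssh2
Mar  3 08:14:12 gw1 sshd[2107]: Failed password for root from 203.0.113.7 port 51250 ssh2
Mar  3 08:20:44 gw1 sshd[2130]: Failed password for alice from 10.0.5.12 port 40022 ssh2
Mar  3 08:20:51 gw1 sshd[2130]: Accepted publickey for alice from 10.0.5.12 port 40022 ssh2: ED25519 SHA256:placeholder
Mar  3 09:02:10 gw1 sshd[2200]: Failed password for root from 203.0.113.7 port 52000 ssh2
"""

# Matches both "Failed password for <user>" and "Failed password for invalid user <user>".
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failed_logins(text, year=2025):
    """Return a list of (timestamp, source_ip, user, is_invalid_user) tuples,
    one per failed-password line. The year is an assumption supplied by the
    caller; syslog lines do not carry it."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"], m["invalid"] is not None))
    return events


def brute_force_sources(events, threshold=5, window_seconds=300):
    """Return {ip: (count, sorted_users)} for every source IP that produced at
    least `threshold` failures inside some window of `window_seconds`.
    A few slow failures spread over hours (an admin with a typo) stay below
    the threshold, while a burst of guesses against several accounts does not."""
    by_ip = defaultdict(list)
    for ts, ip, user, _invalid in events:
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it is within window_seconds of the newest attempt.
            while (attempts[end][0] - attempts[start][0]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                users = sorted({u for _, u in attempts[start:end + 1]})
                flagged[ip] = (end - start + 1, users)
                break
    return flagged


if __name__ == "__main__":
    events = parse_failed_logins(SAMPLE_AUTH_LOG)
    for ip, (count, users) in brute_force_sources(events).items():
        print(f"{ip}: {count} failures within 5 minutes against {', '.join(users)}")
```

The flagged IPs are the ones worth cross-checking against Fail2Ban's ban list and the firewall; tune `threshold` and `window_seconds` to the site's normal failure rate before alerting on the output.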

5. Secure Remote Access (SSH Hardening)

  • Disable Root Login & Use Key-Based Auth (set the two directives below in the global section of the file, confirm your key-based login works from a second session, then restart sshd):
    sudo nano /etc/ssh/sshd_config
    PermitRootLogin no
    PasswordAuthentication no

  • Fail2Ban for SSH Brute Force Protection:
    sudo apt-get install fail2ban
    sudo systemctl enable fail2ban


What Undercode Says

Cyberattacks on public transport systems can cause widespread disruption. Proactive defense includes:
– Network Segmentation: Isolate OT from IT networks.
– Regular Patching: Update ICS firmware and Windows/Linux systems.
– Employee Training: Social engineering remains a top attack vector.
– Incident Response Plan: Prepare for ransomware and DDoS attacks.

Linux Commands for Incident Response:

# Check open ports and the processes listening on them (ss -tulnp on systems without net-tools)
netstat -tulnp

# Pull printable strings from a suspicious file and look for embedded URLs
# (-E enables alternation; without it grep searches for the literal text "http|ftp")
strings suspicious_file | grep -E "http|ftp"

# Memory forensics (Volatility 3): list the processes recorded in a memory image
vol.py -f memory_dump.raw windows.pslist

Windows Commands for Security Checks:

# Check for unusual processes (CPU here is cumulative processor seconds, not a percentage)
Get-Process | Where-Object { $_.CPU -gt 90 }

# Verify firewall rules
Get-NetFirewallRule | Select-Object Name,Enabled

Expected Output:

A hardened transport network with real-time monitoring, secure remote access, and reduced attack surface.

Reported By: Pascal Vrammont – Hackers Feeds