DDoS Attacks Delay Trains and Disrupt Services in Sweden

Distributed Denial-of-Service (DDoS) attacks against multiple Swedish transportation agencies that occurred over the span of two days caused travel delays and disruptions. On October 11, a DDoS attack targeted the Swedish Transport Administration, Trafikverket, via its two internet service providers, TDC and DGC, crashing the IT system that manages train orders and causing train delays. The attack also impacted the agency’s email system, website, and road traffic maps, preventing travelers from making online reservations or receiving updates about the delays. Trafikverket restored service in a matter of hours; however, delays affected train operations for an entire day. The following day, on October 12, DDoS attacks targeted two other agencies, impacting the website of the Swedish Transport Agency, Transportstyrelsen, and crashing the ticket booking app and online travel planning service of the public transport operator, Västtrafik. These attacks highlight the importance of having a proper DDoS mitigation strategy in place prior to an attack. The NJCCIC recommends organizations have DDoS mitigation services established through a managed security service provider and/or their internet service provider and have an incident response and recovery plan in place.