If you wanted to book a train trip in Germany recently, you would have been out of luck. The country's national rail company says that its services were disrupted for hours because of a cyberattack.
Deutsche Bahn, which provides rail services across different subsidiaries, said its website, including booking and timetable systems, were knocked offline by a distributed denial of service (DDoS) attack.
The effects of the attack were first felt on the afternoon of February 17 (1545 UTC), with both its travel app, DB Navigator, and website, bahn.de, experiencing issues affecting countless travelers.
Both of these services were restored as of 1300 UTC on Wednesday, although the company imposed temporary limitations on these systems.
"Our countermeasures were effective in minimizing the impact on our customers," DB said in a blog post.
Despite The Register'squestions, the company did not elaborate on who was behind the attack, whether the perpetrators made contact with DB, or whether customer data was compromised.
"Deutsche Bahn has been and continues to be subject to attacks on its IT systems," the company said in an update posted hours after the initial service restoration. "The current attack is specifically targeted at DB and has occurred in waves.
"The scale of the attack is considerable. Our defense mechanisms are working. We will not comment on speculation regarding the background of the attack. We are in close contact with the federal authorities.
- DDoS is the neglected cybercrime that's getting bigger. Let's kill it off
- Anti-DDoS outfit walloped by record packet flood
- 'Largest-ever' cloud DDoS attack pummels Azure with 3.64B packets per second
- US cops wrap up RapperBot, one of world's biggest DDoS-for-hire rackets
"Our top priority remains the protection of customer data and the availability of our information and booking systems, which are accessed via IT interfaces on other platforms in addition to bahn.de and the DB Navigator app by hundreds of thousands of travelers in Germany."
DDoS attacks tend not to be used by sophisticated cybercriminals. State-backed crews will often opt for malware that leads to destruction or data theft – depending on the motive – or simply exploit vulnerabilities and zero-days for persistent access.
Financially motivated crooks often opt for some kind of extortion, which involves ransomware or data theft, or a combination of the two.
While DDoS attacks can be carried out by cybercriminals of all stripes, they are most often deployed by hacktivists – digital nuisance-makers – and typically only last for a few hours before traffic tails off, as was the case with Deutsche Bahn. ®