DDoS attacks have increased in the past year, mainly targeting railways, and ransomware is the most common type of cyber attacks, the European Union Agency for Cybersecurity (ENISA) finds in its first cyber threat landscape report dedicated to the transport sector. The rise in DDoS attacks is primarily related to the Russian war in Ukraine, where cyber attacks on railway operators on both sides took place. The report covers the period of January 2021 to October 2022, in which 21 incidents targeting the railway sector were analysed, out of a total of 98 cyber attacks. The data collection and analysis primarily focusses on incidents observed in EU member states, but also around the world. Across all subsectors in transport, authorities and bodies were being targeted, 38 per cent of the incidents targeted transport authorities. In the railway sector, however, incidents almost exclusively targeted railway undertakings and infrastructure managers. The category ‘all transport’ in the figure below refers to attacks that target either all four sectors or, more commonly, ministries of transport.