Transport for London (TfL) is the latest public body or large corporation to be targeted by cyber criminals. The cyber attack has prompted TfL to seek help from the National Crime Agency.
TfL sent out advisory notes by email last night to hundreds of thousands of passengers: “We are currently dealing with an ongoing cyber security incident. At present, there is no evidence that any customer data has been compromised and there has been no impact on TfL services.
“The security of our systems and customer data is very important to us, and we have taken immediate action to prevent any further access to our systems.
“We are working closely with the relevant government agencies to respond to the incident.”
The cyber attack on TfL follows previous hacks against some central London hospitals on June 3, when they were targeted by the Russian hacking group Qilin through their pathology services provider Synnovis; NHS London is still coping with the costly aftermath. More than 10,000 NHS appointments have been cancelled as a consequence of the cyber attack.
Yesterday, Lloyds Bank, Virgin Money and Nationwide reported their apps suffered an outage due to problems at Microsoft. Banks NatWest, HSBC and TSB all reported similar problems with their apps last week.
Global software giant Microsoft has reported an increase in distributed denial-of-service (DDoS) attacks, in which hackers overload a system by swamping it with requests, causing it to crash, often with a demand for payment to end the attack.
The full extent of any damage to TfL’s network, or its transport systems, is not yet certain.
Shashi Verma, TfL’s chief technology officer, referred to an “ongoing cyber security incident” in a statement issued this morning.
“Although we’ll need to complete our full assessment, at present, there is currently no evidence that any customer data has been compromised,” Verma said.
The cyberattack on TfL is the latest in a string of high-profile cyberattacks in the UK in the last few months.
Transport for London (TfL) reported on 2 September that it has suffered a cyberattack and is working with the National Crime Agency to deal with the fallout.
According to the transport provider, early indications are that customer data has not been compromised and the transport network and services have not been affected.
Ross Brewer, vice president and managing director for EMEA at cyber company Graylog, said: “As a critical national infrastructure (CNI) organisation, TfL and other CNI sectors like transport, utilities, healthcare, financial services, and telecommunications are being heavily targeted.
“The most concerning aspect is that nation-state actors discovered in these environments have often been embedded for months, and in some cases, years. This raises the question: why are nation-state actors from countries like Russia, China, Iran, and North Korea gaining access to UK infrastructure, lying dormant, and not monetising their access?”
Brewer says many security experts believe these entities are gaining control over their adversaries’ infrastructure to disrupt the country and cause public disorder for political and military reasons.
Notice of the attack was sent to customers in a message on Monday evening with TfL being the latest in a string of high-profile attacks, including the NHS in June and Microsoft in July.
Microsoft had fallen victim to a distributed denial-of-service (DDoS) attack which resulted in problems with the tech company’s Azure cloud platform.
One possible reason for cyber-criminals targeting high-profile brands could be the assumption that, if the attack is a ransomware attack, the ransom will be paid.
Brewer concludes: “As large organisations increasingly pay ransoms, we are seeing a significant rise in organised crime syndicates entering the cybercrime business.”
Shashi Verma, TfL’s chief technology officer, said: “We have introduced a number of measures to our internal systems to deal with an ongoing cyber security incident.
“The security of our systems and customer data is very important to us and we will continue to assess the situation throughout and after the incident.”
TfL says there is no evidence customer data has been compromised and there is currently no impact on services
Transport for London (TfL) has revealed it is dealing with an “ongoing cyber security incident”.
The organisation, which is responsible for most of London’s transport network, has not shared specific details of the incident but said there was no evidence customer data has been compromised.
It said it had called in the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to establish the damage caused by the breach.
Shashi Verma, TfL’s chief technology officer, said: “We have introduced a number of measures to our internal systems to deal with an ongoing cyber security incident.
“The security of our systems and customer data is very important to us and we will continue to assess the situation throughout and after the incident.
“Although we’ll need to complete our full assessment, at present, there is currently no evidence that any customer data has been compromised. There is currently no impact on TfL services and we are working closely with the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to respond to the incident.”
The statement came after a similar message was sent out to customers on Monday evening.
TfL has reported a cyber-attack on its systems, which it claims it is managing. The attack was reported on Monday evening, and TfL released a short press statement. That statement said it was dealing with an ongoing incident, but there was no evidence that customer data had been compromised. It also said that there was no impact on its services.
Shashi Verma, TfL’s Chief Technology Officer, said: “We have introduced a number of measures to our internal systems to deal with an ongoing cyber security incident. The security of our systems and customer data is very important to us and we will continue to assess the situation throughout and after the incident.
“Although we’ll need to complete our full assessment, at present, there is currently no evidence that any customer data has been compromised. There is currently no impact to TfL services and we are working closely with the National Crime Agency and the National Cyber Security Centre to respond to the incident.”
At the moment, there is little beyond the initial press statement. According to the TfL website, services are running normally, and there seems to be no problem with its website. In addition, payment systems all seem to be running normally. That includes Oyster cards, payment machines, and online payments for the congestion charge and ULEZ.
Office-based staff are working from home, which suggests that the main systems are working and staff can connect remotely. The customer phone lines are also working, and there are no reports of unexpectedly long wait times. TfL has also not advised customers to change their passwords or implemented a forced password reset when they log in.
All of this is extremely positive. Whatever systems are affected, TfL seems to have contained them.
Any cyber-attack on a business is disruptive, and the severity of an attack is as much about the response as the type of attack itself.
In this case, it appears that TfL caught the attack early and took immediate action to ringfence the affected systems. It has also enacted its cyber resiliency plan, which has kept its systems and services fully functional. It has also escalated the response to the NCA and NCSC, which will bring significant resources to help resolve the issue.
TfL has a complex IT infrastructure, including cloud-based services and several third-party suppliers delivering services on its behalf. None of them are currently reporting a cyber-attack, which suggests that the attack hasn’t come from or migrated to their systems.
Once the incident is declared over, the finer details of how this occurred and was handled will be examined. This will include the speed and effectiveness of the response and how the attack started. So far, this has been a textbook example of how to deal with a potentially damaging attack.