London Transport Hit By A Cyber Attack

Uploaded on 2024-09-04 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Transport for London's (TfL) the local government body responsible for managing the transportation system in Greater London computer systems have been targeted in an on-going cyber attack and TfL has engaged with the UK government for a response.

According to TfL It said there was no evidence customer data had been compromised and there was currently no impact on TfL services and they are working with the National Crime Agency and the National Cyber Security Centre in response to the incident.

Employees have been asked to work at home, as the TfL IT systems at the corporate headquarters that are mainly affected. TfL’s chief technology officer Shashi Verma said: “We have introduced a number of measures to our internal systems to deal with an ongoing cyber security incident.... The security of our systems and customer data is very important to us and we will continue to assess the situation throughout and after the incident. 

The majority of cyber attacks typically involve hackers stealing sensitive data, and then either demanding a payment in exchange for deleting it, or selling it on the black market. So far, no evidence has emerged of TfL data being lost or stolen. "Although we’ll need to complete our full assessment, at present there is currently no evidence that any customer data has been compromised”, Verma said.

“The cyberattack on the Transport for London (TfL) marks a significant incident for an organization that millions of passengers rely on daily for its services. At this time, TfL does not believe its customer database has been compromised and says transport systems are not affected; however, the attack underscores the high-risk status of critical infrastructure in the UK, closely following this year’s cyberattack on the NHS which disrupted hospital operations and patient care.  
 
Threat actors can sit dormant in systems for extended periods of time and strategically plan to maximize the damage caused. While it’s not yet known when the TfL breach was initiated, the attack demonstrates the crucial need to detect and respond to unfolding cyberattacks as quickly as possible to minimize the impact of the incident. In this case, a successful attack on TfL has the potential to expose highly sensitive customer data as well as cause staffing shortages in critical industries, economic losses, and widespread commuter chaos. 
 
As cyberattacks on critical infrastructure increase in frequency and sophistication, it is vital that organizations make cybersecurity a top priority.

Kev Eley, Vice President UKI at Exabeam commented, "Critical infrastructure providers need to deploy a multifaceted cybersecurity strategy that prioritizes employee education and the continuous monitoring of anomalous behavior in both user and device activity. Organizations must build awareness around where their vulnerabilities lie, e.g. out of date patches or unsecure third-party suppliers, and ensure the basics of cybersecurity are being performed, including regular data-back-ups and following password hygiene best practice to form a well-rounded security foundation.”  

Joseph Carson, CISO at Delinea commented “While there have been no reported consequences to the public services and in an email to customers late Monday evening indicated that security is a top priority, so far no evidence of any customer data being compromised ... there is always the possibility of a more severe outcome once the incident response analyses the digital evidence...

"The reliability of public services is of the highest importance to the efficiency and productivity of our society and attacks like this can have far reaching consequences...

"The attempt is a reminder to consistently assess cyber risks with an aim to understand the IT ecosystem and lower the potential threat of cyber incidents. Visibility into who is accessing systems and the privileges they have can be make or break in critical systems and services” Carson said.

Right now, it is unclear who might be behind the attack, although TfL was previously targeted by Russian hackers last year as part of a wider attack that resulted personal information about employees being stolen.

TfL   |   BBC   |    Computer Weekly   |   Techradar   |   Chester Standard   |   ITPro   |   Computing   |   Standard

Image: @TfL 

You Might Also Read: 

London Hospitals Held To Ransom:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« AI & Biometrics In Cybersecurity
Bolster Security Using Dark Web Intelligence »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BSA - The Software Alliance

BSA - The Software Alliance

BSA is the leading advocate for the global software industry before governments and in the international marketplace.

Cyber Security Research Centre - University of Cardiff

Cyber Security Research Centre - University of Cardiff

Cardiff University's Centre for Cyber Security Research is a leading UK academic research unit for cyber security analytics.

A-LIGN

A-LIGN

A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to mitigate cybersecurity risks.

Alsid

Alsid

Alsid helps corporates to anticipate attacks by detecting breaches before hackers can exploit them.

Method Cyber Security

Method Cyber Security

Method offers a Cyber Security Risk Management training course for those responsible for the security of industrial automation, control and safety systems.

Open Connectivity Foundation (OCF)

Open Connectivity Foundation (OCF)

OCF is dedicated to ensuring secure interoperability ensuring secure interoperability of IoT for consumers, businesses and industries.

David Hayes-Export Controls

David Hayes-Export Controls

David Hayes-Export Controls provides assistance to companies affected by export controls or who are considering entering the market but are unsure of the commercial and regulatory implications.

Ukrainian Special Systems (USS)

Ukrainian Special Systems (USS)

Ukrainian Special Systems (USS) is a state-owned commercial enterprise providing confidential communication, trust services and services in the field of information protection.

International Association of Security Awareness Professionals (IASAP)

International Association of Security Awareness Professionals (IASAP)

IASAP provides a members-only virtual sharing platform where security awareness professionals engage in a lively, year-round exchange of information and ideas.

Glocomp Systems

Glocomp Systems

Glocomp Systems is one of Malaysia’s premier ICT infrastructure distributor offering a comprehensive portfolio of solutions including cybersecurity and privacy.

Redbot Security

Redbot Security

Redbot Security provides industry leading manual penetration testing. Protecting critical systems and data - red team attack and breach simulations, (OT) critical infrastructure testing.

Cybertronium

Cybertronium

Cybertronium is a leader in managing cyber risk. We bring you the latest from the complex, ever-evolving online threat environment with the insights to inspire and the expertise to act.

Network Perception

Network Perception

Network Perception proactively and continuously assures the security of critical OT assets with intuitive network segmentation verification and visualization.

Emtec

Emtec

Emtec’s cyber security team provides advisory, assessment, & managed security services that help you build the cyber security policies, toolsets & best practices to elevate your cyber security posture

Smile Identity

Smile Identity

Smile Identity helps businesses confirm the true identity of their users in real-time using any smartphone or computer.

Arculus Cyber Security

Arculus Cyber Security

Arculus Cyber Security enables customers to securely realise the benefits of digital transformation through pragmatic solutions, guidance and services.