London councils endure wave of cyber assaults, shared IT providers hit
4 London councils have been cyber attacked over the previous few days.
Kensington and Chelsea; Hackney; Westminster; and Hammersmith and Fulham have all skilled IT system issues, and a few providers to the general public have been affected, together with telephone line providers.
The Royal Borough of Kensington and Chelsea and Westminster Metropolis Council issued an announcement yesterday, confirming they have been responding to a safety subject.
They stated they’ve been working with the Nationwide Cyber Safety Centre to guard programs and knowledge, restoring programs and sustaining important providers to the general public.
Their IT groups, they stated, labored by way of the evening of Monday into Tuesday 24–25 November and “profitable mitigations have been put in place”.
The councils say they’ve knowledgeable the Data Commissioners’ Workplace, consistent with following all of the related protocols. “We don’t have all of the solutions but, because the administration of this incident continues to be ongoing,” they added. “At this stage, it’s too early to say who did this, and why, however we’re investigating to see if any knowledge has been compromised.”
The assaults have been first reported by the BBC. Hackney Council has stated it raised its cyber safety risk stage to “important” and urged employees to assist shield residents’ knowledge, whereas Westminster Metropolis Council stated individuals have been struggling to contact it.
Precautionary measures
The 2 councils share IT providers with Hammersmith and Fulham. It has stated: “We’re persevering with to take precautionary measures to evaluation, isolate and shield our networks. We‘re working to repair the issue as rapidly as attainable, and we apologise for the inconvenience.”
Cyber safety consultants from the IT business have contacted Laptop Weekly with remark. Jon Abbott, co-founder and CEO of cyber safety administration provider ThreatAware, stated: “Native councils handle important capabilities and retailer a plethora of non-public knowledge, from tax data to non-public identifiers, making them engaging targets for cyber criminals. Because of this having the safety fundamentals in place is so necessary.
“These knowledge factors are extremely delicate, growing the potential for important penalties if breached,” he stated. “Cyber assaults on such entities don’t simply result in knowledge loss however can erode public belief.
“Many councils function underneath tight finances constraints, limiting their means to put money into the most recent cyber safety applied sciences and even preserve ample staffing for his or her IT safety groups.”
Megha Kumar, chief product officer at cyber safety advisory agency CyXcel, pointed to a probable level of assault.
“Early indications recommend the purpose of entry was by way of shared IT infrastructure utilized by the tri-borough association,” she stated. “Consultants imagine attackers exploited stolen credentials or related strategies to maneuver laterally throughout interconnected programs, a standard threat when a number of organisations share a core platform.
“This incident reveals that cost-saving shared providers can create single factors of failure,” added Kumar. “This incident as soon as once more highlights that hackers are concentrating on the weakest hyperlink in an organisation’s cyber safety, and that’s more and more their provide chain.”
Spencer Starkey, govt vice-president at SonicWall EMEA, stated: “Cyber assaults in 2026 will more and more attempt to erode public confidence in digital public providers by concentrating on UK authorities our bodies. Native authorities, with outdated programs and the place IT groups are already stretched by finances pressures, face sustained assaults designed to disrupt important citizen providers. These assaults may have second-order penalties, slowing service supply for tens of millions of individuals and creating long-term administrative backlogs outlasting the breach itself.”
Raghu Nandakumara, vice-president of Trade Technique at “zero belief” platform supplier Illumio, stated: “Native councils retailer an enormous quantity of non-public knowledge, which can be utilized in the long run to conduct additional assaults, making them a lovely goal for cyber criminals. On this case, if residents’ knowledge is discovered to have been compromised, it might be used for phishing assaults and scams, corresponding to fraudulent gasoline fee schemes, particularly as we head into winter.
“Whereas the choice to close down networks was a precautionary measure to mitigate the impression, these types of actions are attainable with out slicing off very important providers that 1000’s rely upon. We have to attain a degree the place each private and non-private sector organisations can include and survive cyber assaults with minimal disruption to operations.”
And Rob Demain, CEO at managed risk detection providers supplier e2e-assure, stated: “With three London councils affected on the identical time, essentially the most believable rationalization is a shared service supplier being compromised fairly than every council being individually focused. When outages strike a number of organisations concurrently, it typically factors to an MSP or different frequent provider as the basis trigger.”
The London councils are simply the most recent native authorities goal zone for cyber attackers. Earlier this yr, Oxford Metropolis Council disclosed election staff from 2001 to 2022 had private data accessed by hackers.
