
London's Transit System Suffers Through Prolonged Cyberattack; Data Security a Concern







Transport for London, the governmental body tasked with running the capital's transit system, is battling a cyberattack that has stretched into a second week. The backbone of the transit operations remains intact and fully functional; however, many of TfL's online services and digital customer platforms are still down, an indicator of the severity of the situation.

TfL Confirms Ongoing Cyber Incident 

TfL published an update about the cyber incident on its website on October 14th, confirming that the incident was "still being worked on." The update replaced its previous statement that there is "no evidence" that customer data has been breached. The wording is now "working to secure our systems and your data", which hints at a possible data breach.

Uncertainty about whether customer data is safe has grown since TfL withdrew its earlier assertion that no data had been compromised. TechCrunch reached out to TfL to ask whether it has the technical capability, including log analysis, to determine if customer or employee data was stolen or exfiltrated during the attack. However, TfL spokesperson Thomas Canning dodged these questions. Although TfL confirmed the update to the website, it is not known whether the attackers have accessed any information related to customers or employees.

Customer Concerns and Impact on Digital Services

While the cyberattack did not directly impact the transit system, the extended unavailability of online services has caused a great deal of inconvenience to users. Many key digital capabilities remain unavailable, and there is concern about possible long-term impacts on the way customers interact with the transit agency. TfL has reassured the public that its top priority now is resolving this issue and protecting its digital infrastructure against such incidents in the future.

What's in Store for TfL?

Because the cyberattack is ongoing, questions such as the extent of the breach and whether sensitive data has been stolen remain unanswered. While TfL tries to contain the situation, public trust in its protection of personal data is likely to come into question until the full breadth of the incident is clarified.

The incident illustrates the risk that public organisations face when confronted with sophisticated cyber threats, and how such occurrences can be better avoided in the future through more effective cybersecurity measures.

Preventative Measures and Security Focus

The incident will perhaps shape future cybersecurity policy at TfL, with better protection for customer data and measures to keep such an attack from happening again. While the affected digital services are being recovered, any perceived opacity or lack of clear communication about what happened may hamper efforts to restore confidence in the security of customers' personal information.

This still-ongoing incident serves as a reminder that organisations all over the world should stay aware and proactive about cybersecurity, constantly re-evaluating their defenses to minimise a threat that always seems to be growing.





Seattle Public Library Hit by Ransomware Attack, Online Services Disrupted

 

The Seattle Public Library (SPL) has faced a significant cybersecurity incident, with its online services being disrupted due to a ransomware attack. This attack, detected over the weekend, led to the library taking proactive measures by bringing its online catalog offline on Tuesday. By Wednesday morning, while some services had been restored, many critical functionalities remained unavailable, affecting numerous patrons who rely on the library's digital resources. 

The ransomware attack has caused extensive service interruptions. The library's main website is back online, and some digital services, such as Hoopla, are accessible. Hoopla allows library cardholders to remotely borrow audiobooks, movies, music, and other media. However, several essential services are still offline, including e-book access, the loaning system for physical items, Wi-Fi connectivity within library branches, printing services, and public computer usage. 

The library has reverted to manual processes to continue serving its patrons. Librarians are using paper forms to check out physical books, CDs, and DVDs, ensuring that patrons can still access these materials despite the digital outage. In the case of SPL, the specific details of the ransomware attack, including how the library's systems were compromised and whether any data was stolen or accessed, have not been disclosed. The library has prioritized investigating the extent of the breach and restoring services. The SPL has reassured its patrons that the privacy and security of their information are top priorities. 

In a public statement, the library acknowledged the inconvenience caused by the service disruptions and emphasized its commitment to resolving the issue swiftly. "Privacy and security of patron and employee information are top priorities," the library stated. "We are an organization that prides itself on providing you answers, and we are sorry that the information we can share is limited." The incident underscores the growing threat that ransomware poses to public institutions. Libraries, like many other organizations, handle vast amounts of personal data and provide critical services that can be attractive targets for cybercriminals. 

The ransomware attack on the Seattle Public Library is a stark reminder of the vulnerabilities that public institutions face in the digital age. As the library works to restore full functionality, it will likely implement enhanced security measures to prevent future incidents. This incident may also prompt other libraries and public institutions to re-evaluate their cybersecurity protocols and invest in more robust defenses against such attacks. In the broader context, the attack on SPL highlights the importance of cybersecurity awareness and preparedness. Public institutions must continually adapt to the evolving threat landscape to protect their digital assets and ensure uninterrupted service to their communities.

Attack on Oakland City attributed to Play Ransomware

 


Oakland recently became the victim of a ransomware attack that disrupted the city's services and caused a state of emergency to be declared by the city. Cyberattacks are a real-world problem with real-world consequences and the recent attack on Oakland is a demonstration of the same. 

As shared on Twitter by security researcher Dominic Alvieri, the attack appears to be the work of the Play Ransomware gang.

The Play Ransomware operation, also known as PlayCrypt, was launched in June 2022 and has been in operation for some time. The software not only adds the .play extension to the encrypted files but also leaves a note explaining how to contact the developers via email. 

As one of the most populous cities in the San Francisco Bay Area, Oakland has a population of over 440,000 people. It is located on the east side of the county. There is a great deal of economic and trade activity happening in this city, which is also the regional commercial center. 

The city’s authorities informed the public that it had been targeted by a ransomware attack on February 10, 2023. It impacted all network systems except 911 dispatch, fire and emergency services, and city financial systems. 

On February 14, 2023, the City of Oakland declared a local state of emergency to expedite restoring the impacted systems and bring all its services back online as soon as possible. All business taxation obligations received a 45-day extension, as the city could not facilitate online payments. Parking citation services were also impacted by a lack of calls or payments.

By February 20, 2023, IT specialists helped restore access to public computers, scanning, printing, library services, and wireless internet connectivity throughout the city’s facilities. However, the city’s non-emergency phone services (OAK311) and business tax licenses remained unavailable, while the online permit center returned to partial service.

The latest update on the City of Oakland website came on February 28, 2023, two weeks after the ransomware attack. The service status remains mostly unchanged. 

Play Claims Responsibility for the Attack 

The Play ransomware gang has now claimed responsibility for the attack on Oakland, listing them as victims on its extortion site on March 1, 2023. This was first spotted by security researcher Dominic Alvieri. 

Threat actors claim to have stolen documents containing private, confidential data, financial and government papers, identity documents, passports, personal employee data, and even information allegedly proving human rights violations. 

These documents were allegedly stolen during hackers' intrusion into Oakland City networks. They are now used as leverage to get the city’s administration to meet their demands and pay the ransom. 

As the name implies, Play Ransomware targets diverse sectors and regions, including economic, manufacturing, technological, real estate, transportation, education, healthcare, government, and a whole lot more. 

There are different rates for ransom demands based on the importance and size of the victim organization. Some victims have recovered their data by paying millions or thousands of dollars depending on the extent of the loss. 

The threat actors gave Oakland 72 hours to respond to the extortion demand and have threatened to publish the above documents by the end of tomorrow. The City of Oakland's portal carries no status update mentioning data exfiltration, so the city's authorities have not yet confirmed that data has been stolen.

Several organizations, including the Belgian city of Antwerp, H-Hotels, Rackspace, Arnold Clark, and A10 Networks, have been hit by this ransomware operation since then.

There have been reports that the ransomware gang Play is suspected of participating in the attack on Oakland. The Play gang is allegedly responsible for the Oakland attack; its extortion website listed the city as one of its victims on March 1, 2023. Dominic Alvieri, a security researcher at the University of Illinois, initially became aware of this issue after it was raised by another researcher.

Threat actors have stolen sensitive personal information from businesses. Documents such as financial records, government documents, identity documents, passports, information concerning personnel, as well as evidence indicating that individuals have committed human rights violations, are some of the types of records that belong to this category. 

According to reports, some of these documents were stolen by cybercriminals during the intrusions into Oakland City's network. They are now being used to pressure the city administration into meeting the attackers' demands and paying the ransom.

Play Ransomware is a powerful piece of malware that targets victims across a variety of sectors and regions, such as manufacturing, transportation, education, healthcare, government, and much more. The amount of ransom demanded from a victim organization depends on the size and importance of the organization.

Victims are sometimes required to pay thousands or even millions of dollars to recover their lost data. The threat actors gave Oakland approximately 72 hours to comply with the extortion attempt, threatening to publish the above documents tomorrow.

At the time of this writing, the City of Oakland's portal makes no mention of data exfiltration, and no updates have been posted regarding it. The city's authorities have therefore not confirmed that the information has been stolen. Several organizations have been victimized by ransomware attacks recently, including H-Hotels, Rackspace, Arnold Clark, and A10 Networks, in addition to the city of Antwerp, Belgium.