London's Hackney Council has confirmed that many of its online services and IT systems have been affected by a serious cyber attack that took place earlier today.
Philip Glanville, the Mayor of Hackney, said in a statement that Hackney Council is presently trying to restore affected services as soon as possible while also delivering essential frontline services, especially to the most vulnerable citizens.
"Council officers have been working closely with the National Cyber Security Centre, external experts and the Ministry of Housing, Communities and Local Government to investigate and understand the impact of the incident. This investigation is at an early stage, and limited information is currently available. We will continue to provide updates as our investigation progresses.
"In the meantime, some Council services may be unavailable or slower than normal, and our call centre is extremely busy. We ask that residents and businesses only contact us if absolutely necessary, and to bear with us while we seek to resolve these issues," Glanville added.
Considering that Hackney Council and government agencies are presently investigating the cyber attack, the National Cyber Security Centre issued a brief statement, saying “we are aware of an incident affecting Hackney Borough Council” and that “the NCSC is supporting the organisation and working with partners to understand the impact of this incident.”
According to Troy Gill, manager of security research at Zix, while not much is presently known about the nature of the cyber attack targeting Hackney Council, but given the limitation and/or partial loss of services it seems quite possible that they may be suffering from a ransomware attack.
"This would follow the trend we have seen over the past few years with ransomware distributors targeting municipalities and disrupting essential services with the goal of increasing the likelihood the ransom will be paid. And of course if this is indeed the case, there is also the strong possibility that the attackers first made of with stolen data as that has become more common practice before locking files and posting the ransom note," he added.
According to Javvad Malik, Security Awareness Advocate at KnowBe4, regardless of the root cause of the cyber attack, this unfortunate incident serves as a reminder as to how dependent society is on digital systems. Councils provide housing, healthcare, and support for the most vulnerable in society, having these systems unavailable could have a very real and detrimental impact on individuals.
"It's why it's important that all organisations focus on building a culture of security throughout, so that all scenarios are considered from a confidentiality, integrity and availability perspective across people, processes, and technology," he added.
Niamh Muldoon, Senior Director of Trust and Security at OneLogin, said the cyber attack is another wake up call for all organisations to be vigilant, taking every measure to keep themselves safeguarded. This includes simple cyber hygiene steps such as the use of multi-factor authentication, security awareness training and employing the use of strong passwords that are not reused across accounts.
"Organisations can also ascertain key learnings from crisis management tabletop exercises including business continuity gaps. The best defence against what appears to be a ransomware attack is a robust Business Continuity Plan which includes regular backups, version control and thorough testing of disaster recovery procedures," she added.