UK rail operator Northern suffered a cyber attack targeting its newly installed self-serve ticketing machines across Northern England, forcing the operator to take all the ticketing machines offline.
The publicly-owned train operator commenced its northern franchise operations in March 2020, soon after the franchise deal of former operator, Arriva Rail North was terminated. In May this year, Northern announced it installed over 600 new ticket vending machines in more than 400 stations as part of its wide-ranging modernisation plan that involved an investment of almost £17 million.
Earlier today, Northern said in a press release that it had to take all of its self-service ticket machines offline due to technical difficulties. “We are investigating the issue and are working hard to have the machines up and running again as soon as possible,” the operator said.
“We are sorry for any inconvenience this causes. In the meantime we are advising customers to either use our mobile app or website to purchase tickets in advance and, where necessary, to collect those tickets from one of our ticket offices.
“Customers who have already bought tickets to be collected at a machine, or who would normally use ‘promise to pay’ slips, should board their booked service and either speak to the conductor or to Northern staff at their destination station,” it added.
Flowbird, who installed and now monitors Northern’s self-service ticket machines, told ZDNet that the disruption was caused by a cyber attack. “The issue was first identified through cyber-monitoring systems and our initial investigations indicated that the service may have been subject to a cyberattack,” the firm said.
According to Reuters, Northern has admitted that the disruption was, in fact, caused by a ransomware attack. “This is the subject of an ongoing investigation with our supplier, but indications are that the ticket machine service has been subject to a ransomware cyber-attack,” Northern said.
Commenting on the cyber attack targeting Northern, Willem Hendrickx, International Senior Vice President at Vectra AI, told TEISS that the current wave of infrastructure attacks seem to be just as focused on creating chaos as they are on collecting payoffs. While it’s great to see a quick response from Northern Rail to identify the attack relatively early on, it has still impacted systems.
“On an almost weekly basis, we’re now confronting the security vulnerabilities in our essential systems, so other critical targets must take notice, and make sure they have advanced detection tools in place. Organisations must be able to reduce the time it takes them to spot threats to mitigate the impact of ransomware, using the latest technologies to stay one step ahead of the latest threats.”
According to Joseph Carson, chief security scientist at ThycoticCentrify, “this latest ransomware incident demonstrates that you might have deployed the latest software and hardware, but falling short on security best practices still leaves organisations exposed to becoming ransomware victims.
“While using the latest software is a good start, but using it alone is not enough. You must also ensure that the systems are hardened, secured, and patched along with strong privileged access security to make it difficult for ransomware attackers,” he added.
Image Source: Northern Railway