London‘s public transport narrowly avoided being brought to a grinding halt last night as TfL revealed it had thwarted a cyberattack on its network.
Yesterday evening, the operator of tubes and buses across the capital announced that it was dealing with an ‘ongoing cyber security incident’.
TfL told MailOnline that the agency detected ‘suspicious activity’ on its systems and took action to limit the assailant’s access.
While the transport provider says that there is currently no disruption to services, experts warn that attacks on critical infrastructure like TfL could be ‘disastrous’.
Andrew Brown, Software Security Expert at Propel Tech told MailOnline: ‘TfL have thwarted a massive cybersecurity attack overnight that, if successful, could’ve brought the city to a standstill this morning.’
Transport for London has announced an ongoing cybersecurity incident which began last night and could have brought widespread disruption to services such as the London Underground
In a statement, TfL announced that they were ‘currently dealing with an ongoing cybersecurity incident’
At 18:50 BST, TfL sent an email to customers warning that the government body was facing an ongoing cybersecurity incident.
As part of routine monitoring, TfL detected that someone was attempting to gain unauthorised access to its systems and moved to limit their access.
However, while TfL responded quickly to prevent the attackers from breaking into the network, many experts believe this incident was too close for comfort.
Mr Brown says: ‘The TfL cyber-security incident should be viewed as a sizable near miss in the realm of cybersecurity.’
Due to the vital role TfL plays in providing transport for the capital, a serious attack on its systems could have resulted in serious, widespread disruption.
Spencer Starkey, executive VP of cybersecurity firm SonicWall, told MailOnline: ‘The ramifications of an attack and ensuing outage on Critical National Infrastructure can be disastrous’.
TfL say that an unknown hacker was detected trying to gain unauthorised access to their systems and measures were taken to prevent them gaining further entry
It currently appears that the attack was successfully prevented before the assailants could cause any damage.
Shashi Verma, TfL’s chief technology officer says: ‘Although we’ll need to complete our full assessment, at present, there is currently no evidence that any customer data has been compromised.
‘There is currently no impact to TfL services and we are working closely with the National Crime Agency and the National Cyber Security Centre to respond to the incident.’
However, some cybersecurity experts believe that further disruption may only become apparent in the coming days.
Simon Newman, Co-Founder of Cyber London, says: ‘Although TfL have been quick to point out that there isn’t any evidence to suggest that customer data has been compromised, details of the incident are still emerging.’
Likewise, a spokesperson for the National Cyber Security Centre told MailOnline that the agency is still working with TfL and law enforcement partners to ‘fully understand the impact of an incident.’
Experts warn that an attack on TfL could have brought London’s transport network to a standstill, causing widespread disruption
Adam Pilton, Senior Cybersecurity Consultant at CyberSmart, says there is also evidence to suggest that ‘the attacker may still be in their network.’
Mr Pilton says: ‘If you are a TFL customer make sure you stay up to date with the news on this attack and in addition make sure you stay alert to suspicious emails or communications that you may receive in the coming days.’
TfL is yet to provide any details on the nature of the attack, but experts believe that the assailants likely attacked the government body itself rather than its customers.
Patrick Burgess from BCS, The Chartered Institute for IT’s Information Security Specialist Group, told MailOnline: ‘Information is still quite sparse with regards to what has happened, but it seems like the attack has mainly taken out the internal systems of TFL rather than the customer-facing ones.
‘Whilst we don’t currently know it is likely that the current attack is in the form of a Ransomware attack which has rendered some or all of their internal systems inaccessible.’
The attackers’ identities are unknown but it is likely that their motivation was financial. There is currently no disruption to services but experts suggest that more details could emerge in the coming days (stock image)
Since companies do not have any obligation to inform customers of internal attacks it is unusual that TfL would make this announcement.
Jake Moore, global cybersecurity advisor at ESET, told MailOnline: ‘TfL clearly have reason to believe this is a cyberattack, but it is strange that no data has been stolen.
‘Companies are targeted in a similar fashion multiple times a day but rarely announce these attacks due to fear of unknown repercussions.
‘However, if an incident occurs that isn’t currently affecting operations, it is still best to keep customers and staff informed at the earliest possibility should the situation change.’
To find out if your personal details have already been compromised in a previous data leak or cyberattack you can use a breach checker tool such as Have I Been Pwned.
Simply enter your email address and the website will check your details against its database of leaked information.
If it does emerge that your details have been compromised, you should change your passwords for all accounts as soon as possible to avoid any further attacks.