Date: 2021-07-19

Comment from Webroot - Northern’s ticket machines hit by ransomware cyber attack

July 2021 by Kelvin Murray, Senior Threat Research Analyst at Webroot

As you might be aware, a suspected ransomware cyber-attack has targeted Northern Rail’s new self-service ticket machines. The system has been offline since last week, and an investigation is underway. It comes just two months after 621 of the touch-screen units were installed at 420 stations across the north of England at a cost of £17m. The government-run operator said it had taken "swift action" along with its supplier, Flowbird, and that customer and payment data had not been compromised. Only the servers which operate the ticket machines have been affected, Northern said.

Cyberattacks are becoming increasingly varied. Attackers are more innovative, and their attacks are increasingly targeted, so it’s becoming more challenging for IT admins and security teams to put any single process or technology in place to protect against threats. Transport in particular is one of the industries most vulnerable to ransomware attacks. Even a few hours of disruption to a transport hub can cause millions of pounds of losses, and the knock-on effect on commuters, commerce, and business can be huge.

Touchscreens have become a part of our lives, from train stations to fast food venues, and while they definitely can make life easier, any business should have redundancy plans for outages such as these. One layer of protection is not enough to reduce your organisation’s exposure to risk sufficiently. It is crucial to build multiple layers of detection and response into your infrastructure. Despite this attack succeeding, there are positives. There are no details of company or customer data being stolen yet, and it looks like the damage was contained to one set of operational systems, which is usually not the case. So, having multi-layered cyber defences and tight processes will help protect the business, services, and systems, and uncover weaknesses before criminals exploit them.