Network Rail confirms cyber attack on Wi-Fi systems at UK train stations
A host of railway stations across the UK have been impacted by a cyber attack that saw commuters met with messages on terror attacks.
The incident is believed to have affected the rail operator’s Wi-Fi at 19 stations in total, including London Euston, Liverpool Lime Street, Edinburgh Waverley, Glasgow Central, and more.
Commuters first encountered ominous messages after logging into Wi-Fi at affected stations, which displayed information pertaining to terrorist attacks in Europe and a message stating “we love you Europe”.
Wi-Fi services at affected stations are managed by a third-party service provider, Telent.
In a statement given to ITPro, a spokesperson for Network Rail confirmed the incident and that the operator is working with relevant authorities to investigate the issue.
“We are currently dealing with a cybersecurity incident affecting the public Wi-Fi at Network Rail’s managed stations,” the spokesperson said.
They added that “other organizations” have been targeted in the attack, but warned Telent “won’t reveal who” and advised the media to contact the provider.
ITPro has approached Telent for clarification.
What prompted the Network Rail attack?
The exact scale of the incident is yet to be confirmed. However, Network Rail said that Wi-Fi services at affected stations have been temporarily suspended.
Jake Moore, global cybersecurity advisor at ESET, said early indications show the attack could be an attempt by cyber criminals to probe security capabilities as opposed to relaying an outright threat.
“By defacing the Wi-Fi log on screen with a terror message suggests that the motive may simply be to test its general security rather than to pose a genuine threat,” he said.
Moore added that in this particular case, the attackers have purposely targeted the “weakest link” by attacking a third-party provider. He further speculated that this could’ve been achieved via a phishing campaign.
“Financially motivated cyber criminals are out to find data they can either steal or sabotage with a ransom demand put in place,” he added. “However, it seems nothing more has been demanded here other than more security in place following a separate attack on TfL earlier this month.”
What stations are affected?
Stations impacted by the incident are spread across the UK, Affected London sites include King’s Cross, Paddington, Charing Cross, Clapham Junction, Cannon Street, London Bridge, Euston, Liverpool Street, Victoria, and Waterloo.
Stations elsewhere across the UK include:
- Reading
- Guildford
- Manchester Piccadilly
- Liverpool Lime Street
- Birmingham New Street
- Leeds
- Bristol Temple Meads
- Edinburgh Waverley
- Glasgow Central
Source link