Hackney services still offline in ongoing cyber attack

Resident services at Hackney Council in east London remain disrupted and offline more than 48 hours after the council was hit by a serious cyber attack.

In an update on its website, a council spokesperson said investigations alongside the National Cyber Security Centre (NCSC), the National Crime Agency (NCA), external security experts and the Ministry of Housing, Communities and Local Government were ongoing, but remained at an early stage. The incident has also been reported to the Information Commissioner’s Office (ICO).

“We understand that residents will be anxious about the risk to their data, and we are working closely with the ICO, police agencies and other experts,” said the spokesperson. “We are committed to sharing further information about this as soon as we can, including what, if any, actions residents may need to take.

“We know that residents may be concerned and will have questions. We are learning more about the attack but are choosing not to share any more information at this stage in order to make sure we do not inadvertently assist the attackers. We want to share as much information with residents as possible, and as soon as we are able to safely do so, we will.

“The attack is continuing to have a significant impact on council services and we ask residents not to contact us unless absolutely necessary.”

Comparitech security specialist Brian Higgins said that, as with any successful cyber attack, the first few days immediately after it is made public will be the most dangerous to service users, in this case Hackney residents.

“It is absolutely vital that the residents of Hackney keep their cool,” he said. “Under no circumstances should they respond to any unsolicited requests for information. Cyber criminals will play on their worries and fears to gather information like login credentials, passwords, bank details and other personal information and use it to commit even more crime. They will contact people via email, telephone, social media and even by post or in person.”

Although Hackney Council has only disclosed limited information about the exact nature of the attack at this stage, given the limitation to, and partial loss of, some of its services, the incident bears some hallmarks of a ransomware attack.

Higgins added: “In any event, Hackney Council, by enlisting the help of the NCSC, have given themselves and the communities they serve the best chance of recovering from what is a very concerning situation.”

Sam Curry, chief security officer at Cybereason, said: “The good news is that they are working closely with the NCSC to get to the bottom of the origins of the attack, so that services can be restored as soon as possible. The bad news is that it could take days or weeks for essential services to be operating normally.”

The cyber security risks facing public sector organisations and local authorities such as Hackney Council were laid bare in a report published today by the Reform think tank. The report said local government bodies fared particularly badly when it came to cyber resilience and were facing additional pressures as the Covid-19 pandemic has left many forced to stand up digital services quickly.

It added that many were unclear how to keep new systems up to date and secure, or were delaying the roll-out of new security services in order to keep a lid on their operational costs.

Francis Gaffney, director of threat intelligence at Mimecast, said: “The ongoing and increasing number of attacks on public sector organisations continues to give cyber security professionals, at all levels, a cause for concern. Although an attack on private sector organisations can have significant consequences, there are few sectors that have the potential to impact as many lives, in as many ways, as the public sector.

“The public sector is an attractive target to threat actors, as the size and scope of many public sector organisations means they are often responsible for securing particularly sensitive personal data for millions of people.”

Gaffney added: “Public sector organisations may not operate in a competitive environment, where reputation can make or break their profitability, but they often rely on the trust of the public to function properly and achieve their full potential. This attack on a local authority, particularly during a pandemic when many citizens are turning to their local authority for help and guidance, highlights just how wide the socio-economic blast radius of a cyber attack on a public sector entity can be.”