London’s public transport network narrowly avoided a complete standstill last night after TfL announced it had thwarted a cyberattack on its network.
Last night, the capital’s metro and bus operator announced that there was an “ongoing cybersecurity incident.”
TfL told MailOnline the agency had detected ‘suspicious activity’ on its systems and had taken steps to restrict the attacker’s access.
While the transport operator says there is currently no disruption to services, experts warn that attacks on critical infrastructure such as TfL could be “disastrous”.
Andrew Brown, software security expert at Propel Tech, told MailOnline: ‘TfL thwarted a massive cyber attack overnight which, had it been successful, could have crippled the city this morning.’
Transport for London has announced an ongoing cybersecurity incident that began last night and could cause widespread disruption to services including the London Underground
In a statement, TfL announced that they are ‘currently dealing with an ongoing cybersecurity incident’
At 18:50 BST, TfL sent an email to customers warning that the government agency was dealing with an ongoing cybersecurity incident.
As part of routine monitoring, TfL discovered that someone was attempting to gain unauthorised access to TfL systems. As a result, access controls were restricted.
Although TfL reacted quickly to prevent the attackers from penetrating the network, many experts believe this incident hit too close to home.
Mr Brown said: ‘The cyber security incident at TfL must be seen as a significant near miss in terms of cyber security.’
Given the vital role TfL plays in providing transport in the capital, a serious attack on its systems could have led to serious, widespread disruption.
Spencer Starkey, executive VP of cybersecurity company SonicWall, told MailOnline: ‘The consequences of an attack and the resulting outage of critical national infrastructure could be catastrophic.’
TfL reports that an unknown hacker was discovered attempting to gain unauthorised access to their systems and that measures were being taken to prevent further access
It appears the attack was successfully prevented before the attackers could cause any damage.
Shashi Verma, TfL’s Chief Technology Officer, said: “While we are yet to complete our full review, there is currently no evidence that any customer data has been compromised.
‘There is currently no impact on TfL services and we are working closely with the National Crime Agency and the National Cyber Security Centre to respond to the incident.’
However, some cybersecurity experts believe that further disruptions will only become noticeable in the coming days.
Simon Newman, co-founder of Cyber London, said: “While TfL has been quick to point out there is no evidence that customer data has been compromised, details of the incident are still emerging.”
A spokesperson for the National Cyber Security Centre told MailOnline the agency is still working with TfL and law enforcement partners to ‘fully understand the impact of any incident.’
Experts warn an attack on TfL could bring London’s public transport network to a standstill, causing widespread disruption
According to Adam Pilton, Senior Cybersecurity Consultant at CyberSmart, there are also indications that “the attacker is still within their network.”
Mr Pilton said: ‘If you are a TFL customer, please ensure you stay up to date with the news regarding this attack. Additionally, please ensure you remain alert to any suspicious emails or messages you may receive in the coming days.’
TfL has not yet released details about the nature of the attack, but experts believe the attackers likely targeted the government agency itself rather than its customers.
Patrick Burgess of BCS, the Chartered Institute for IT’s Information Security Specialist Group, told MailOnline: ‘There is still little information available about what happened, but it appears the attack primarily affected TFL’s internal systems rather than those that deal directly with customers.
‘While we don’t know at this time, it is likely that the current attack is in the form of a ransomware attack, rendering some or all of their internal systems inaccessible.’
The identity of the attackers is unknown, but it is likely that their motivation was financial. There is currently no disruption to services, but experts suggest that more details could emerge in the coming days (stock image)
As companies are not required to inform customers about internal attacks, it is unusual for TfL to make this announcement.
Jake Moore, global cybersecurity advisor at ESET, told MailOnline: ‘TfL clearly has reason to believe this is a cyber attack, but it is strange that no data has been stolen.
Companies are attacked multiple times a day in the same way, but rarely disclose these attacks for fear of unknown consequences.
‘However, if an incident occurs that does not currently impact business operations, it is still wise to inform customers and staff as soon as possible should the situation change.’
To find out if your personal information has been compromised in a data breach or cyberattack before, you can use a breach monitoring tool such as Have I been hacked?
Simply enter your email address and the website will check your details against its database of leaked information.
If it turns out that your data has been compromised, you should change the passwords on all your accounts as soon as possible to prevent further attacks.