UK Network Rail hit with cyberattack on Wi-Fi system

26 Sep 2024

Image: © I-Wei Huang/Stock.adobe.com

This is the latest attack on a UK transport operator, following a cybersecurity incident at Transport for London earlier this month.

The public Wi-Fi at 19 stations across the UK were subjected to a cybersecurity incident last night (25 September).

The stations affected include London Euston, King’s Cross, Manchester Piccadilly, Edinburgh Waverley and Glasgow Central. They are managed by Network Rail, which said in a statement that the Wi-Fi is a self-contained ‘click and connect’ service that doesn’t collect any personal data.

“The incident is subject to a continuing investigation, but police are seeking help from an employee of one of the service providers,” the operator said in statement sent to SiliconRepublic.com.

“Once our final security checks have been completed, we anticipate the service will be restored by the weekend.”

‌The Wi-Fi service is operated by communications company Telent, which has been working with Network Rail and other stakeholders to resolve the issue.

“Through investigations with Global Reach, the provider of the Wi-Fi landing page, it has been identified that an unauthorised change was made to the Network Rail landing page from a legitimate Global Reach administrator account and the matter is now subject to criminal investigations by the British Transport Police,” Telent said in a statement.

“As a precaution, Telent temporarily suspended all use of Global Reach services while verifying that no other Telent customers or personal data were impacted.”

‘A bullseye on its back’

The incident is the latest attack on a UK transport operator, following a cybersecurity incident at Transport for London earlier this month.

David Critchley, regional director for the UK and Ireland at cybersecurity company Armis, said the UK transport industry has “a bullseye on its back”.

“The privatisation of this sector and its fragmented framework leaves it particularly susceptible to attacks of this nature,” he said.

“By launching these offences, attackers can cause significant disruption such as sowing discord and physically halting operations, which not only affects society but the wider economy.”

It’s not just the transport industry that is seeing increasing cybersecurity incidents, but critical infrastructure as a whole.

Earlier this year a dangerous ransomware attack impacted multiple hospitals in London, causing various procedures to be cancelled or redirected.

And in the US, oil service company Halliburton was forced to shut down some of its systems after a cyberattack.

“With this latest breach potentially a result of failings made by a third-party provider, it’s vital that other critical national infrastructure entities understand the vulnerabilities that can come from not securing the entire supply chain,” said Critchley.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Jenny Darmody is the editor of Silicon Republic

editorial@siliconrepublic.com