SkÃ³rzewiak – stock.adobe.com
Canterbury, Dover and Thanet Councils in Kent ranking all been struck by simultaneous cyber assaults knocking methods offline, with indications of a hyperlink between all three
Printed: 19 Jan 2024 12: 45
Three local authorities in Kent – Canterbury Metropolis Council, Dover District Council and Thanet District Council – ranking fallen sufferer to attain-simultaneous and potentially linked cyber assaults, knocking a total lot of public-dealing with methods across Kent offline.
All three authorities are understood to be working alongside the Nationwide Cyber Security Centre (NCSC) on incident response and remediation.
In the case of Canterbury, Computer Weekly understands providers at the side of its planning department, online forms and maps were taken offline, whereas Dover residents ranking misplaced ranking entry to to online forms, and Thanet also appears to ranking misplaced its planning department and online forms.
In a coordinated assertion, Canterbury and Dover’s councils mentioned: “Our teams are taking a precautionary plot whereas we work laborious to investigate the recount and to minimise any disruption to our providers.
“Our email system and net page were on hand in the course of, even if some points of the fetch net page can also no longer moderately work as meant. We’re sorry for any inconvenience folks can also ranking experienced over the final few days, and can also quiet provide updates as and when we have got them.”
A spokesperson for Thanet Council told journalists it had proactively restricted ranking entry to to its online methods following experiences of an incident.
The correct nature of the assaults stays undisclosed, even if they attain have some hallmarks of a ransomware incident. On this occasion, the info of the three victims’ proximity to one yet every other, and the a similar nature of the providers impacted, point to the assaults can also share a standard thread.
Stephen Robinson, senior threat intelligence analyst at WithSecure, mentioned: “The three councils tormented by this cyber attack all outsource their IT, revenues and advantages, and consult with centre providers to Civica as phase of the East Kent Products and providers [EKS] shared providers automobile. This may seemingly be very seemingly that this is where the incident happened, which offers an illustration of what providers can also were affected and what records can also were accessed.
“There is also a recount as as to whether this cyber attack impacted fully EKS, or also Civica itself,” he mentioned. “Carrier providers equivalent to Civica are on a recent foundation focused to enable what’s identified as a provide chain attack, where compromising a single service provider enables an attacker to compromise all of their prospects at the identical time, for a miles more devastating and impactful attack.”
Canterbury, Dover and Thanet first came together to assign of residing up EKS in 2011, but outsourced it to Civica in 2018 in a seven-year deal that aimed to realise over £5m in financial savings, and seen over 200 staff from all three affected councils transfer to a central hub.
Alternatively, given Civica plans to exit the industry course of outsourcing (BPO) market, the contract can also no longer be extended past January 2025, and the councils were engaged on their subsequent steps.
A spokesperson for Civica told Computer Weekly: “We can verify that this incident was no longer brought about by any of our methods. We can toughen affected prospects if requested and wait on in anyway we are in a position to to minimise the affect for them and the electorate they serve”.
Robinson mentioned that given they protect sensitive records on local residents and provide time-severe providers, local authorities typically uncover “supreme” victims for cyber criminals.
“Native councils no longer fully completely fit this template, [but] they’ve also been running beneath financial constraints that can also ranking impacted their skill to protect their networks and digital providers procure,” mentioned Robinson. “Diverse local councils in the UK and in one other nation were victims of cyber assaults in most up-to-date years, and not utilizing a signal that such exercise is slowing.”
In a file published rapidly sooner than Christmas 2023, the parliamentary Joint Committee on the Nationwide Security Technique warned of a lack of ransomware planning and preparedness pervading UK authorities at the splendid ranges, and mentioned public providers across the UK were genuinely being held “hostage of fortune”.
The file made sad studying for local authorities, where the committee reported that many are quiet far too reliant on legacy IT methods which are neither secured nor updated.
This text was updated at 14: 45 on Friday 19 January to incorporate a press liberate from Civica.
Read more on Records breach incident management and recovery
SCC snaps up Civica’s Licensing and Cloud Tool Lifecycle industry
By: Simon Quicke
High 10 authorities and public sector IT experiences of 2020
By: Lis Evenstad
Council to join hundreds of its net sites by wide space community
By: Karl Flinders
Civica picks up SaaS participant TranSend
By: Simon Quicke