Tuesday, 19 March 2024

Learning from Leicester: Cyber-attack causes disruption for council

Leicester City Council became the latest in a long line of local authorities who have suffered a cyber breach. What can we learn from this latest attack?

Earlier this month, Leicester City Council became the latest in a long line of local authorities who have suffered a cyber breach. What can we learn from this latest attack?


The Leicester Mercury reported that the City Council's IT systems and phone lines were expected to remain out of service for a week following a cyber-attack which caused systems to be taken offline since Thursday, March 7.


The scope of the cyber-attack

The local authority said it was working with “cyber security and law enforcement partners” to try to get systems up and running again. It hoped that by Wednesday the following week, it would be able to “start the recovery process”, prioritising the “most critical services”.

The council shut its IT and phone systems down “as a precaution” on Thursday, March 7, as soon as the attack was discovered. But warned it would take “at least two weeks” to get all systems back online. 

The local paper reported that housing benefits and other financial support payments were among the services affected. These are delayed, the council has said. Direct debits to the council could also be affected, with the council saying it will arrange collection with residents if it is unable to take scheduled payments automatically.

Furthermore, online forms for functions such as reporting child protection concerns or accessing housing services are down. Emergency phone numbers have been established in lieu of full access to key council services such as adult safeguarding, child protection, homelessness, housing, and others, with the emergency phone number as the only contact method.


Public sector organisations are at heightened risk

Leicester City Council is just the latest in a long line of local authorities being subjected to cyber-attacks. At the start of this year, three Kent councils were hit by almost simultaneous attacks, knocking systems offline.

This follows significant breaches at a number of local London Borough councils in 2023, which caused major disruption and saw sensitive personal data compromised.

Unfortunately, local councils, governmental authorities and other public sector bodies are at heightened risk of cyber-attack. The UK’s National Cyber Security Centre (NCSC) has warned that state-sponsored bad actors target public sector organisations to cause societal disruption and undermine public confidence.

Meanwhile, on March 11, 2024, the Joint Parliamentary Committee on National Security Strategy accused the UK Government of adopting an “ostrich strategy” by burying its head in the sand over the “large and imminent” national cyber threat posed by ransomware.

Dame Margaret Beckett MP, the chair of the Joint Committee, said it has become “ever clearer that Government does not know the extent or costs of cyberattacks across the country – though we’re the third most cyber-attacked country in the world – nor does it have any intention of commensurately upping the stakes or resources in response.”


Understanding the cause of the attack

It isn’t yet clear who is behind the cyber-attack in Leicester or how the attack was initiated. Leicester City Council is “liaising closely with the experts at the National Cyber Security Centre and law enforcement partners” as part of its investigations.

The Register reported that, “some security experts suspect ransomware is involved, and have noticed services at the council's network border pulled offline, including Citrix Netscaler and Cisco AnyConnect VPN appliances.”

However, the IT publication advised that, “a cursory scan of the major ransomware groups' leak blogs shows none of the big names are yet claiming responsibility for the attack on Leicester City Council.”

Leicester City Council said, “Although it’s still too soon to comment on the specifics of this incident, we’re continuing to work closely with specialist agencies and the police as they carry out their investigations into what happened.”


What can we learn so far?

Although the full details of the cyber-attack are yet to emerge, there already are some key takeaways for us all emerging from the attack against Leicester City Council: 

•    Attacks against local councils and public sector organisations are continuing unabated.

•    This serves as a reminder that ALL organisations need to be cognizant of this heightened threat.

•    Measures to strengthen cyber security should be taken – including making staff aware of the ransomware threat (and phishing awareness, for example, as it is a common attack vector).

•    Two weeks is an unacceptably long time to go without essential services.

•    Backup and restore capabilities must be up to date and – for most organisations – should be improved.

•    It isn’t a case of if you’ll be targeted but, rather, when.

•    Your cyber security defences need to succeed every time – the attackers only need to get lucky once.


What now?

If you would like expert advice about how to strengthen your organisation’s cyber security defences, please get in touch with the Grant McGregor team.

We can also help you to ensure you backup and recovery plans are strong and rapid enough.

Call us: 0808 164 4142

Message us: https://www.grantmcgregor.co.uk/contact-us

Further reading

You can get more advice about cybersecurity topics on our blog:

•    Do your backups include this important information?

•    What is a watering hole attack? And how can you protect against it?

•    Cyber Crime on the rise: how can you protect your organisation from it?

•    Is your organisation doing enough on supply chain security?

•    How to minimise the risk from phishing