London councils probe cyber incident as shared IT systems knocked offline

Two London councils are scrambling for answers after declaring a cybersecurity issue that began on Monday. The Royal Borough of Kensington and Chelsea (RBKC) and Westminster City Council (WCC) confirmed they are investigating an "incident", admitting "we don't have all the answers yet, as the management of this incident is …

  1. Guy de Loimbard Silver badge
    Facepalm

    Cyber Crims really don't

    Give a great deal of thought to what or who they are impacting.

    Anyone care to wager whether it's ransomware related or do we think it's just some kids messing around, a la the Transport for London hackers that have been in the dock recently?

    There's a lot to be said when you're having concentration risk that impacts multiple entities, it's like the jackpot for hackers when they get into shared services like this.

  2. Mickey Porkpies
    Flame

    Trump's best pal up to dirty tricks again dumping malware for script kiddies to fire at will.

  3. Judge Mental
    Coat

    Just wait.

    Another Hackneyed excuse will be along in a minute.

  4. chu017

    Let's play playbook bingo.

    "we are investigating to see if any data has been compromised" YES IT HAS BEEN

    "Our IT teams worked through the night yesterday"

    "we remain vigilant should there be any further incidents or issues" STABLE DOOR ETC

    "We will continue working with our cyber specialists and the NCSC to restore all systems as quickly as possible"

    "we will be in touch with more information as it becomes available"

    "We're working to fix the problem as quickly as possible and we apologise for the inconvenience"

    Well at least no one said that security is important.

    1. SomeRandom1

      Re: Let's play playbook bingo.

      Nearly a full house, they just need:

      "learnings will inform our future systemic cybersecurity"

      "our customer data security are of utmost importance"

  5. Taliesinawen

    Avoid suspicious emails and links :o

    “The incident involved phishing and social engineering tactics, with warnings issued to staff to avoid suspicious emails and links.” ref

    How about only accepting emails digitally signed by a trusted Certificate Authority (CA)? Or at least marking all other emails as suspect?

    1. steviebuk Silver badge

      Re: Avoid suspicious emails and links :o

      Cause that would be a pain in the arse.

      Having a good DKIM and DMARC setup is the way to go.

      Although neither protects from 3rd party contractors who themselves have had a mailbox breach. So all the phishing is coming from a trusted mailbox.

      As we always say "If you're not expecting it. Don't follow the links and certainly DON'T put in your login details". Sadly, it continues to fall on deaf ears.

    2. Anonymous Coward

      Re: Avoid suspicious emails and links :o

      How about less dependence, less money wasted, less arrogance and using digital systems for the public's convenience rather than to keep them at arm's length?

    3. Anonymous Coward

      Re: Avoid suspicious emails and links :o

      Doesn't work in a Council. They need to accept email from every source because they must deal with citizens who may use anything from Enterprise Exchange to homebrew mail servers and at any time one of those messages might contain a legally meaningful request (DSAR, FOI) or a threat to life report. Same goes for all the small businesses and contractors, less dramatic but same range of IT.

      No point in marking emails as untrusted if that marking appears on 50% of them, people stop seeing that sort of thing very quickly.

      Training staff helps but again they receive so many emails from so many sources that they can't be expected to catch all of them, and tbh dodgy ones come from legitimate sources regularly.

      What they should be doing is preparing for compromise and having a compartmentalised network that can cope with getting hit and having immutable storage of critical data to prioritise recovery. But they'll have cut their IT resources beyond the bone years ago, and won't have the skills in house to do it and probably no money to buy in a service.

      I worked Infosec in a council for years, most people don't realise that a council is one of the most hideously complex organisations in terms of IT that you can possibly deal with. A bank might be big but it's nowhere near as complex in terms of services delivered and userbase as a council. On top of that you've never enough people, those you have are underpaid and know it and the management is too busy pretending that their council is a bluechip company. And then you have government constantly sticking its nose in and stirring the pot to its own whims too.

      Good luck to those dealing with this, it's not easy.

      1. djack

        Re: Avoid suspicious emails and links :o

        Agreed, the only two classes of organisation network that are up there with councils are police and hospitals. They have a frightening amount of niche applications and hardware.

      2. Anonymous Coward

        Re: Avoid suspicious emails and links :o

        If AI is as good as it claims to be there should be lots of cheap experienced IT staff available to fill those gaps soon.

      3. Tron Silver badge

        Re: Avoid suspicious emails and links :o

        Whilst it irks me to promote big tech, switching from enquiries@mipleylocalcouncil.gov.uk to mipleylcenquiries@gmail.com would add a rather more heavyweight malware filter to their set up. It's not a cut and dried solution, but it is better than the average UK local council options.

  6. PRL
    Alert

    Shared IT Services should not mean merging the data of multiple Councils

    A shared IT Service for multiple Councils should mean combined teams for the service desk functions (incidents and service requests) and for specific service areas (network, security, server, desktop, mobile device management, development and test, project management, change management …),

    This should not imply that the data / storage is also all mushed together such that an intrusion in one Council affects all of them.

    Presume things should be set up as multi-tenant with horizontal isolation, and that data is only exchanged between Councils where legal, appropriate and authorised.

    But perhaps the { service desk | database | communications } system within the IT service is what's affected.

    1. EnviableOne

      Re: Shared IT Services should not mean merging the data of multiple Councils

      With the councils, it's less likely to be a shared IT service, and more likely to be one group providing a service across both council areas, which means federated auth and cross-council access.

      It happens in the NHS too.

  7. Anonymous Coward

    Everything digital

    I can't wait for everything to be digital, no backup manual systems, no alternates, what could possibly go wrong? Digital (meaning centralised) ID, CBDC!!! The gateway to everything, the death knell of society more like. Can you imagine the meltdown first from frustration then when food cannot be obtained - Kaboom. Centralised systems (& therefore power) almost always result in ruin.

  8. JoeKelly66

    UK Knowledge Sharing

    Some Scottish councils were compromised earlier this year. Hopefully best practice in recovery is being shared across the UK?

    1. Ken G Silver badge

      Re: UK Knowledge Sharing

      I very much doubt "best practice in recovery" is being shared across Greater London.

      1. EnviableOne

        Re: UK Knowledge Sharing

        Considering the Mayor doesn't know what resilience is, as his comments in the BBC coverage suggest, I seriously doubt it.

    2. Anonymous Coward

      Re: UK Knowledge Sharing

      Scottish councils are very good at sharing lessons learned (as is the rest of the UK public sector tbh), less good at putting those lessons into practice.

      1. Anonymous Coward

        Re: UK Knowledge Sharing

        They should just call them "Lessons" because no-one ever learns from them.

  9. Judge Mental

    Lesson learnt ?

    https://www.theregister.com/2025/11/27/western_isles_ransomware_council/

    Who's next ?
