Experts On Northern Rail Ticket Machines Targeted in a Suspected Ransomware Attack

By ISBuzz Team
Writer, Information Security Buzz | Jul 21, 2021 07:34 am PST

It has been reported that Northern Rail’s new self-service ticket machines have been targeted by a suspected ransomware cyber-attack. The system has been offline since last week and an investigation is underway. It comes just two months after 621 of the touch-screen units were installed at 420 stations across the north of England at a cost of £17m. The government-run operator said it had taken “swift action” along with its supplier, Flowbird, and customer and payment data had not been compromised.

4 Expert Comments
Chris Hauk, Consumer Privacy Champion
July 21, 2021 3:58 pm

China has long been suspected of being a state supporter of cyberattackers who both perform state-sponsored attacks and cyberattacks for their own personal gain. Unless the US and other countries push China to cease such attacks, they will continue to increase. Merely speaking out about the attacks will not be sufficient, and requires pressure to continue without pulling any punches.

Paul Bischoff, Privacy Advocate
July 21, 2021 3:57 pm

Everyone knows that the Chinese government aids and abets cyberspying and that China is a huge source of the world’s malware. But China often conducts nation-state spying and attacks through third-party intermediaries and contractors, and cybercrime is often easy to hide or disguise. Furthermore, economic and political considerations have prevented the US and other countries from publicly lashing out against China. They are the same considerations that have shielded China from criticisms about its inhumane treatment of Uighur Muslims, its use of child labour, and its currency manipulation.

The Microsoft Exchange server hack was a turning point. It was a severe and wide-ranging campaign that crossed a line with the US and its allies while also allowing the US to build a more concrete case against China. The question now is what we’re going to do about it. I’m sceptical that the US and its allies will actually convince or coerce China into reining in cyber espionage and cyber warfare. China will continue to deny and deflect.

Lior Div, CEO and co-founder
July 21, 2021 3:56 pm

China’s offensive cyber operations are well documented and were the catalyst for the DOJ’s China Initiative. The Justice Department indictments against four Chinese nationals and the Biden administration’s zeroing in on China for their role in the massive Microsoft Exchange Server attack are another step toward driving accountability when it comes to cyber attacks. This time we are not alone. With NATO members, the European Union, Australia, New Zealand and Japan it is time that China notices that they are on the world stage and denying this is no longer an option.

This feels like now is the time for diplomacy and foreign policy to come together to resolve the cyber conflict. This is being done in the world community but applied to cyber for the first time.

Might it fall apart? Sure. Is everyone 100% aligned? Probably not.

Is this the new playbook emerging? Yes.

Let’s see what China does in response or, eventually, other pariahs like Iran, Russia and North Korea.

I expect the Chinese government to deny involvement and it’s likely they will point the finger at the U.S. With the Chinese government’s record of contracting teams of threat actors to carry out attacks against companies on U.S. soil and in Europe, the crimes will continue, and justice will be extremely hard to find.

In 2015, President Obama and Chinese President Xi Jinping participated in a historic meeting at Stanford University in which both leaders agreed to a cease fire of sorts regarding cyberattacks against each other. We found out years later China lied to the U.S. and lied to the world about stopping cyberattacks against government agencies and other contractors. They never stopped for a second and continued to pilfer IP, data and proprietary information on nuclear weapons design, airplane engine designs and any other patent or drawing they could steal.

Economic espionage attacks are costing companies billions in lost revenue. No company is immune. The threat actors are motivated, well-funded and looking to profit from cybercrime activity with the blessing of the Chinese government while also making themselves available for contract work for economic espionage operations sponsored directly by and at the direction of the Chinese government. These targeted attacks have caused material and economic damage around the world and continue to be a problem for many, yet there are solutions to stopping these advanced attacks and it comes through extended detection and response products that are on the market today.

How this plays out weeks and months later is what matters. To China, it is long since past time you join with other responsible nations and stop sponsoring both criminal and state-sponsored cyber attacks. Stop pilfering government agencies and the private sector. Responsible nations work with other nations constantly on big issues such as cyber, trade and crime. And one of the most important aspects of being responsible is enforcing laws and bringing threat actors to justice for cyber attacks and other unlawful attacks against unsuspecting companies and individuals.

Andy Norton, European Cyber Risk Officer
July 21, 2021 3:44 pm

Given how recent the installation was, it would appear some basic security mechanisms are missing from the recent deployment. The ticketing system is likely Android based, and there is a small number of ransomware families that specifically target Android devices. Rail networks are considered critical infrastructure under the NIS legislation and so, a risk assessment of the new Ticketing system should have been undertaken and this risk assessment should have included the risk of Cyber attack with mitigating controls.
