City of London Hit By 1-Million Cyber Attacks a Month
Newly-uncovered data shows the frequency and severity of cyber attacks on the City of London Council, which have the potential to shut down power grids and cause hundreds of millions in damages.
Freedom of Information requests have revealed that the City of London is hit by as many as one million cyber attacks each month, according to a new report from Centrify.
The documents reveal the scope in which all entities - particularly large corporations and councils - are targeted by cyberattacks. Centrify contacted the City of London while attempting to discover the scope of security risks facing one of the world’s financial hubs; the results were staggering.
According to the documents, the City of London Corporation was hit by 2.8 million cyber attacks in the first three months of 2019, averaging out to 927,000 per month; a 90% increase from the 489,000 that were reported between April and December of 2018.
“The high volume of sensitive public information contained within the systems and databases of organisations like the City of London Corporation make it a top target for cyber criminals.”
The vast majority (6.9 million) of the 7.2 million attacks between April 2018 and March of 2019 were classed as spam. The second highest rate of attacks were ‘spoof mail’ and phishing attempts, 244,293 attacks in total. Centrify found that the city’s governing body was the victim of 17,556 detections of ‘top malware.’
Andy Heather, VP of Centrify, the company responsible for putting together the report comprised of the freedom of information documents says that due to “the high volume of sensitive public information contained within the systems and databases of organisations like the City of London Corporation make it a top target for cyber criminals.”
“Malicious email scams such as phishing and malware attacks form a substantial part of the wider cyber threat facing councils across the country, in London and beyond.”
Heather continued to explain that “with so many attacks taking place every day, it’s vital that all organisations adopt a zero trust approach to user activity, to prevent hackers gaining access to council systems using legitimate log-in details that may have been stolen or purchased on the dark web.”
Information Security Magazine says that “the findings could either be interpreted as a worrying rise in attacks, or proof that detection methods are getting better.”
In addition to the report publishing the frequency of cyber attacks on the City of London, research published by the UK Infrastructure Transitions Research Consortium (ITRC) at the University of Oxford confirms that electricity networks are increasingly vulnerable to cyber attacks.
The research puts the figure of a worst-case scenario of an attack on London’s electricity network at around £111-million each day. Edward Oughton, infrastructure researcher at the ITRC and the Centre for Risk Studies at the Cambridge Judge Business School says that “critical national infrastructure such as smart electricity networks are susceptible to malicious cyber attacks which could cause substantial power outages and cascading failure affecting multiple business, health and education organisations, as well as domestic supply.”
SmartCitiesWorld says that “a Worldwide Threat Assessment of the US Intelligence Community report published earlier this year also notes that “China, Russia, Iran and North Korea increasingly use cyber operations to threaten both minds and machines in an expanding number of ways- to steal information, to influence our citizens, or to disrupt critical infrastructure.”
A similar paper from the Risk Analysis Journal titled “Cyber-Physical Attacks on Electricity Distribution Infrastructure Networks’ says that conservative estimates range from £20.6 million for a four-substation event all the way to north of £100-million for an event that compromises fourteen-substations.
“The research will be of interest to governments, private infrastructure operators, commercial consumers of infrastructure services and other stakeholders who want to understand systemic risks from cyber-physical attacks on critical national infrastructure,” said Daniel Ralph of the Cambridge Centre for Risk Studies.