Due to an ongoing cyberattack against the wider TfL IT estate, Dial-a-Ride, a free door-to-door transit service for disabled people that Transport for London ( TfL ) runs throughout the capital, was forced to temporarily suspend new booking requests for a while.
The nature of the ongoing incident, which TfL has not revealed beyond a simple media statement, has reportedly caused Dial-a-Ride staff to struggle with constrained access to some of their IT systems and email. In response to outbound requests, the service began to experience major delays, and TfL made the decision to suspend novel bookings.
A TfL spokesperson confirmed that the service had to be suspended, but assured Computer Weekly that everything was back to normal.
The booking system for Dial a Ride was briefly down as a result of the domestic measures we are taking as part of the cyber security incident, but already-filled reservations were also made. We are now able to accept significant bookings, and we hope the situation will improve as the day progresses,” they said.
The Dial-a-Ride service is designed for people who have a continuous or long-term disability that prevents them from using buses, the Underground, or surface rail, and offers flexible transportation options for necessary local transportation within Greater London’s 32 boroughs. It runs a fleet of minibuses, which operate more like neighborhood taxis than buses, and which have drivers trained to assist passengers when necessary, such as assisting them on or off the bus.
The wider cyber attack has not affected TfL’s ability to run regular services on London’s bus network, the Underground, or its other services, and the organisation has recently said that there is no evidence to suggest that passenger data it holds has been compromised.
Nevertheless, the incident does seem to be impacting passenger logins for smart and Oyster payment accounts, and some APIs used by third-parties, such as Citymapper.
The incident appears to have started on or around Monday, September 2, and TfL has been working to stop it from happening by working with the National Crime Agency (NCA ) and the National Cyber Security Center (NCSC ) to stop it.
TfL CTO Shashi Verma stated in a statement on Monday that” we have taken a number of steps to our internal systems to deal with an ongoing cyber security incident.” We will continue to assess the situation throughout the incident and after the incident because the security of our systems and customer data is extremely important to us.
Tight-lipped response
Although The Register previously suggested that a network appliance vulnerability may have been the original access point that caused the attack, TfL has remained ad hoc about the specific nature of the incident.
The admission of TfL staff members being able to access some systems, as well as the evidence of restricted network access discovered by external researcher Kevin Beaumont , would suggest that the organization is attempting to contain a ransomware attack.
Mark Robertson, chief research officer at AcumenCyber, a managed security services provider ( MSSP), said:” Employees being locked out of systems is often the number one consequence in ransomware attacks. However, until TfL provides a more detailed update, we ca n’t say for sure what incident the transport network is facing, or who carried it out.
Luckily, all Tube services appear to be operating normally, which indicates that TfL has been able to stop the incident from having an administrative impact. Often, the whole of the capital could have been brought to a standstill. This also suggests that TfL had previously prioritized incident response plans in order to help the organization get ready for cyberattacks and stop them from having an impact, he added.
