A significant IT outage at outsourcer Capita that started on Friday 31 March has been confirmed as the result of a cyber attack of an as yet undisclosed nature.
The incident downed some customer-facing services and, given the nature of Capita’s business – the organisation has billions of pounds of public sector contracts – sparked immediate fears of a cyber attack.
Among the organisations affected were a number of councils, including the London boroughs of Barnet and Barking and Dagenham, which were forced to suspend their call centre operations.
According to internal sources, the incident also hit some suppliers of critical national infrastructure (CNI), forcing staff to resort to pen and paper in some cases.
In a statement, Capita said it had indeed “experienced a cyber incident” primarily impacting access to internal Microsoft Office 365 applications.
“This caused disruption to some services provided to individual clients, though the majority of our client services remained in operation,” the organisation said.
“Our IT security monitoring capabilities swiftly alerted us to the incident, and we quickly invoked our established and practised technical crisis management protocols,” it continued. “Immediate steps were taken to successfully isolate and contain the issue. The issue was limited to parts of the Capita network and there’s no evidence of customer, supplier or colleague data having been compromised.”
Restoring client services
Over the weekend, Capita’s IT and security teams have been working alongside specialist technical support to restore internal access to the affected applications, and are also making “good progress” in restoring client services to full working order.
Although the manner in which the incident first unfolded bears the hallmarks of a ransomware attack, there is, at the time of writing, no indication as to whether or not Capita has been affected by ransomware.
Again, the nature of its business as a supplier to operators of the UK’s most critical public services would make Capita a prime target for a financially motivated or state-backed threat actor. The organisation has not made any further comment on the nature of the incident.
Arctic Wolf strategy vice-president Ian McShane said: “Due to its unique position at the heart of government and public services like the NHS, and the continued trend of attackers using supply chains to attack at scale, it’s vital that organisations with direct links to or from Capita’s IT and software infrastructure take precautions to stop any potential spread.
“Organisations also need to be alert to criminals taking advantage of any confusion around this,” he said. “Attackers always look to capitalise on fear and uncertainty through tailored social engineering attack campaigns. As such, employees should be advised to scrutinise any communications extra carefully.
“Company leaders should also communicate directly with employees to ensure they understand the process for flagging suspicious emails or messages,” added McShane. “Likewise, IT teams should review what protections they’ve in place, and implement proactive monitoring for all administrative accounts, ensuring any changes made to these accounts will trigger an alert.”