The summer holidays have passed, and schools are back open for a new term, and so are the hackers. September has been another busy month of cyberattacks and incidents, with everyone from schools to train stations falling victim to ransomware and the vulnerabilities of public Wi-Fi.
We've compiled some of September’s top incidents hitting the headlines recently.
Lancaster Royal Grammar School was recently attacked, prompting staff to shut down the IT system and rebuild it over the summer. While sensitive data such as pupil records and finances were unaffected, the attack caused significant disruption.
The school's IT department detected the issue and quickly shut down the system after realising it was a deliberate ransomware attack. With the help of cyber insurance experts, the system was rebuilt with enhanced security. Though no ransom was paid, it appeared to be the work of a professional group. Ten other schools in the region were similarly targeted.
A 17-year-old boy was arrested in Walsall due to a cyberattack on Transport for London (TfL), which affected around 5,000 customers. The hackers potentially accessed sensitive data, including bank account details, names, and addresses. The National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) are investigating the attack, which began on 2nd September.
While customer impact has been limited, TfL has notified around 5,000 customers that their personal information, including bank account numbers and sort codes, may have been accessed during a cyberattack. Affected data includes names, emails, home addresses, and Oyster refund details.
The breach, which occurred nearly three weeks ago, continues to disrupt services, preventing customers from applying for new concession cards or accessing contactless data. TfL is working with the Information Commissioner’s Office and government agencies and has increased security measures at its offices. The NCA described the attack as "hugely disruptive," TfL apologised for the inconvenience. The investigation is ongoing.
A notorious Russian military unit, Unit 29155, has been linked to cyberattacks on Ukraine’s allies worldwide, aimed at disrupting aid efforts, according to a joint briefing by Western intelligence agencies.
Known for espionage and sabotage, this unit expanded into cyber operations in 2020. The group, also tied to the 2018 Salisbury poisonings, has targeted critical infrastructure, government agencies, and private companies in NATO and EU countries, as well as in Asia and Latin America. These cyberattacks, including the WhisperGate campaign, focused on disrupting aid to Ukraine. Experts warn that these operations may signal preparations for more aggressive actions against NATO.
Wi-Fi services at 19 UK train stations, including London Euston, Manchester Piccadilly, and Birmingham New Street, were suspended following a cybersecurity incident. Passengers at Manchester Piccadilly were redirected to a webpage displaying Islamophobic messages.
Network Rail and British Transport Police are investigating the cyberattack, which affected the Wi-Fi provided by a third party. Affected stations include major London, Glasgow, Leeds, and Edinburgh hubs. This comes after a separate cyberattack on TfL earlier in September, which compromised customer data. A 17-year-old has been arrested in connection with the TfL hack.
According to a Wall Street Journal report, state-sponsored hackers linked to Beijing, tracked by Microsoft as Salt Typhoon (also known as FamousSparrow and GhostEmperor), infiltrated several US internet service providers in a cyber espionage campaign.
The attackers aimed to establish long-term network access for data theft or potential cyberattacks, with investigators probing whether Cisco routers were compromised. Salt Typhoon has previously targeted Southeast Asian nations and others using a rootkit named Demodex. This attack follows recent US disruptions of another Chinese-linked botnet, highlighting ongoing cyber-espionage efforts targeting critical infrastructure.
The cyberattacks worldwide during September highlight the importance of airtight cybersecurity strategies and protocols for businesses of every shape and size, as well as being wary of the vulnerabilities of public Wi-Fi.
At Brigantia, we’re committed to providing our partners with market-leading cybersecurity solutions that address the evolving threats of the cybercrime landscape.
Working with our partners, we protect businesses of all sizes against all cyber threats.
Look through our website to learn about our vendor portfolio, how we work with channel partners, and read more articles like this.