Capita, a provider of outsourcing services to many large organizations in the United Kingdom, has been hit by a cyber attack that disrupted internal access to Microsoft Office 365 applications.
Although the incident appears to be contained for the moment, it has raised concerns about the company’s relationship with the UK military and the National Health Service (NHS), among many other government agencies.
Outsourcing service providers in the UK fear vendor compromise as a result of a blow
Given the reach of outsourcing service providers to many large companies and government departments, there is a natural concern about the situation. It’s still not entirely clear what kind of cyberattack the vendor was hit with, as it described it only as a “technical issue” in a public statement.
Capita said internal phone lines were down for some time, along with at least some internal network email accounts. The element that has raised concern is that several local government clients of the outsourcing service provider, including at least four London boroughs, have reported that their phone lines for public benefits, council tax and business rates call centres have been down for some time.
Among other things, outsourcing service providers manage operations for the NHS, Ministry of Defense base security and the Royal Navy Training Centre.
An anonymous source who spoke to the Guardian said that employees of some affected government facilities reduced the use of pen, paper and radios to communicate in the wake of the cyber attack, but some still have access to their computers.
All these scenarios point to a ransomware attack on the outsourcing service provider, but there is still no confirmation.
Officially, the word is that an investigation is underway, but Capita has told media sources it believes the incident was some sort of cyber attack. There has yet to be any appearance of stolen data or any known claims made by hacking groups on the dark web.
A cyberattack often occurs at dawn and manifests in a variety of ways
While some are reporting a complete outage of the phone system, other Capita workers are said to have been able to bring up a login screen on their workstations. However, their password stopped working correctly.
Signs of the cyber attack began at 4 a.m. Friday, but the problem wasn’t discovered until 7 a.m. when employees started arriving at work.
Outsourcing service providers have been tied to some government functions that may be considered critical infrastructure or part of critical national defence, but there has been no indication yet that these components have been affected by cyber-attacks.
These include the NHS primary care programme, fee collection for transport for London, the automation of some HM Revenue And Customs tax series functions, license charge series for the BBC, and vicinity tagging for prisons and probation departments.
The group is one of the largest independent vendors for the UK national government as a whole, with around £6.five billion in annual contracts.
Capita has revealed that the primary internal issue is the inability to access Microsoft Office 365 applications, which they are working to fully restore.
The cyber attack was detected and contained before it reached Azure Directory, which could have provided threat actors with widespread access to user accounts. It is not known if any client or personal information was the treaty at this time.
A February document from IBM’s X-Force Threat Intelligence Index shows that the United Kingdom is presently seeing the best extent of cyberattacks of any country in Europe, with nearly half of the region targeting the nation in the previous 12 months.
The report names cyber security spending, which despite a jump in overall threat activity in the country since 2021, remains a potential cause for particular attention.
The nation is currently considering an amendment to the Computer Misuse Act (CMA), which critics say currently impedes cybersecurity testing and vulnerability research because it criminalizes practices that are already widely accepted elsewhere.
The prospect of government service disruption through a compromised outsourcing service provider comes at a bad time, as the country continues to recover from the highly damaging Royal Mail attack that caused international shipping chaos.
The attack saw Russian criminal actors hit the service with ransomware in January, knocking out certain types of the international parcel and letter delivery for six weeks as the problem was remediated.
Camelia Chan, CEO and Founder of X-PHY noted that the onslaught on outsourcing service providers is increasing; This is not necessarily due to inferior security, but they are the quickest route to access many high-profile formations: “Capita’s recent confirmation that it is investigating cyber-attacks highlights the critical need for robust cyber security measures in the public sector.
Cybercriminals often target this formation—not just directly but through third-party providers, as we have seen here—knowing the potentially devastating impact of disrupting critical public services across the country.
“The protection of stored sensitive data should be a top priority. All formations are at risk, and that includes having the weakest link in your supply chain. Investing in cyber security solutions that work at the hardware level is essential to providing a robust defence against today’s cyber threats.
By strengthening the proximity of data, public sector-affiliated organizations can guarantee a high level of security for the sectors they support. This ensures that services remain seamless, giving peace of mind to the organizations and public they serve,” Chan added.
