Capita, an outsourcing services provider to numerous large organizations in the United Kingdom, experienced a cyber attack that disrupted internal access to Microsoft Office 365 applications. While the incident appears to be contained at this point, it has raised concerns due to the company’s relationships with the UK military and National Health Service (NHS) among numerous other government agencies.
Hit on UK outsourcing services provider raises fears of vendor compromise
Given the reach of the outsourcing services provider into many major companies and government branches, there are natural concerns about the situation. It is still not entirely clear what type of cyber attack the vendor was hit with, as it described it only as a “technical issue” in public statements.
Capita did say that internal phone lines were down for some amount of time, as well as at least some internal network email accounts. The element that really raised concerns is that several local government clients of the outsourcing services provider, including at least four London boroughs, reported that their own phone lines for government benefits, council tax and business rates call centers went down for some time.
Among other things, the outsourcing services provider runs operations for the NHS, Ministry of Defence base security and Royal Navy training centers. An anonymous source speaking to the Guardian said that employees at some impacted government facilities have been reduced to using pen, paper and radio to communicate in the wake of the cyber attack, but there are also some that still have access to their computers.
All of these circumstances point to a ransomware attack on the outsourcing services provider, but there has not yet been a confirmation. Officially, the word is that an investigation is underway, but Capita has told media sources that it believes the incident was some sort of cyber attack. There has not yet been any appearance of stolen data on the dark web, or any known claims to it made by hacking groups.
Cyber attack hit in early morning hours, caused varying symptoms
While some are reporting a complete outage of phone systems, other Capita employees were reportedly able to bring up a login screen at their workstations. However, their passwords ceased to work properly. Signs of a cyber attack began at 4 AM on Friday, but the issue was not discovered until 7 AM when employees began arriving at work.
The outsourcing services provider is tied to some government functions that could be considered part of critical infrastructure or critical national defense, but there is not yet an indication that these elements have been impacted by the cyber attack. These include the NHS’s primary care program, the fee collection system for Transport for London, automation of some HM Revenue and Customs tax collection functions, collection of license fees for the BBC, and location tagging for prisons and the probation department. The group is one of the biggest individual vendors for the UK national government as a whole, with about £6.5 billion in annual contracts.
Capita has revealed that the primary internal issue is an inability to access Microsoft Office 365 applications, which it is working to fully restore. The cyber attack was reportedly detected and contained before it could reach Azure directories, which could have provided the threat actors with widespread access to user accounts. No client or personal data is known to be compromised at this time.
A February report from IBM’s X-Force Threat Intelligence Index indicates that the UK is currently seeing the largest number of cyber attacks of any country in Europe, with nearly half of all those in the region in the prior 12 months directed at the nation. The report names cybersecurity spending, which has remained flat in the country since 2021 despite an overall jump in threat activity, as a possible reason for the special attention. The nation is also currently considering a revision of the Computer Misuse Act (CMA), which critics say presently hampers cybersecurity testing and vulnerability research as it criminalizes certain practices that have already been widely adopted elsewhere.
The possibility of government service disruptions via a compromised outsourcing services provider comes at a bad time, as the country continues to recover from the highly damaging Royal Mail attack that has caused international shipping chaos (and has proven to be difficult to fully resolve). That attack saw Russian criminal actors hit the service with ransomware in January, knocking out certain types of international parcel and letter delivery for six weeks as the issue was remediated.
Camellia Chan, CEO and Founder at X-PHY, notes that attacks on outsourcing service providers are increasing; this is not necessarily because of inferior security, but because they are the fastest path of access to multiple high-profile organizations: “The recent confirmation by Capita that it is investigating a cyber-attack highlights the critical need for robust cybersecurity measures within the public sector. Cyber criminals often target these organisations – not just directly but through third party providers, as we have seen here – knowing the potentially devastating impact of disrupting critical public services across the country.”
“Safeguarding the sensitive information stored should be a top priority. All organisations are at risk, and that includes having a weak link in your supply chain. Investing in cybersecurity solutions that operate at the hardware layer is essential to provide a robust defence against today’s cyber threats. By fortifying the area closest to the data, public sector-affiliated organisations can guarantee a high level of protection for the sectors they support. This ensures that services remain unaffected, giving peace of mind to the organisations and the public they serve,” added Chan.