Full Report
A West London council has revealed that it is the target of around 20,000 attempted cyberattacks every day. Hammersmith and Fulham Council, one of the boroughs in the capital, is no stranger to the growing risks of digital security breaches. In response to these frequent cyber threats, the council has ramped up its defense mechanisms, including implementing anti-phishing measures and strengthening firewall protocols. The scale of the cyberattacks faced by Hammersmith and Fulham is not unique. It is reported that phishing remains one of the most significant threats the council grapples with. Phishing occurs when malicious actors use deceptive methods—whether through email, social media, or other forms of communication—to lure individuals into revealing sensitive personal data or transferring money. Such attacks have become a widespread concern across local government agencies, and the West London council is actively working to mitigate the risks associated with them. Hammersmith and Fulham Council Cyberattacks The 20,000 daily attempts against the council’s systems are in line with the frequency experienced by similar-sized organizations in the public sector. Hammersmith and Fulham has responded to this challenge by incorporating anti-phishing policies alongside other cyber defense tools. These measures are designed to detect and block harmful traffic before it can reach the council’s networks, thereby preventing data breaches and system disruptions. A spokesperson for the London Councils group, which represents boroughs across the capital, highlighted that several councils have been targeted by large-scale cyberattacks in recent years. These incidents have sometimes resulted in significant financial costs and considerable disruption to public services. One of the most notable examples was the October 2020 ransomware attack on Hackney Council, which exposed personal data of both staff and residents. The sensitive information was later found on the dark web, sparking concerns over privacy and security within the public sector, reported The Standard. Following the attack, Hackney Council faced mounting costs related to recovery efforts, with the council's cybersecurity measures coming under scrutiny. In July of the previous year, the Information Commissioner’s Office (ICO) issued a formal reprimand, citing Hackney’s failure to implement proper security measures to protect personal data. In contrast, Transport for London (TfL) also endured a substantial cyberattack, which led to the temporary shutdown of various online services for several months. The Cybersecurity Budget At a recent meeting of Hammersmith and Fulham's Policy and Oversight Board, Cllr Rory Vaughan inquired about the planned cybersecurity budget for the upcoming year. The council’s documents indicate that additional funding will be allocated for 2025/26, aimed at enhancing cyber defense infrastructure and providing ongoing training for staff. This investment will be part of the council’s £124,000 Digital Inclusion Strategy, which also includes initiatives to help residents improve their computer literacy and digital skills. Cllr Vaughan expressed concern about the effectiveness of the new cybersecurity budget and whether it would bolster the council’s resilience against cyberattacks. He also emphasized the importance of ensuring that residents can interact with the local authority safely and confidently in the digital age. In response, Cllr Rowan Ree, the Cabinet Member for Finance and Reform, acknowledged the widespread nature of cyber threats, noting that not only Hammersmith and Fulham but also other major public sector institutions, such as the British Library and Guy’s and St Thomas’ NHS Foundation Trust, had been subjected to cyberattacks. He emphasized that the frequency of attempted attacks on the council’s systems demonstrates the scale of the ongoing cybersecurity challenge. Conclusion Cllr Ree highlighted the scale of the challenge, with Hammersmith and Fulham facing 20,000 cyberattacks daily, stressing the need for proper training to identify phishing and other threats. The council’s proactive approach includes anti-phishing and enhanced firewall measures to protect its digital infrastructure. London Councils emphasized the growing vigilance across all boroughs, as cyberattacks cause increasing disruption and costs.
Analysis Summary
# Incident Report: High-Volume Cyber Attack Attempts Against Local Council
## Executive Summary
The Hammersmith and Fulham Council is the target of an extremely high volume of cyberattacks, averaging 20,000 attempts daily, highlighting a significant and persistent threat environment for public sector institutions. While the article focuses on the ongoing nature of these pervasive attacks rather than a single successful breach timeline, the council is actively responding by increasing security funding, enhancing firewall protection, and implementing staff training to bolster resilience against routine threats like phishing.
## Incident Details
- Discovery Date: Ongoing (Reported February 12, 2025)
- Incident Date: Ongoing (Daily occurrence)
- Affected Organization: Hammersmith And Fulham Council
- Sector: Government / Public Sector (Local Council)
- Geography: West London, UK
## Timeline of Events
### Initial Access
- Date/Time: Not specified, constant/current state.
- Vector: Primarily noted as **phishing and other cyberattacks**.
- Details: The frequency indicates persistent, automated probing and attack attempts against council systems.
### Lateral Movement
- Not detailed, as the report focuses on the volume of attempts rather than a successful penetration resulting in system-wide compromise.
### Data Exfiltration/Impact
- No specific successful data exfiltration or major impact details are provided; the focus is on *attempts* and the resulting need for increased defense.
### Detection & Response
- **Detection:** Implied through ongoing monitoring due to the sheer volume (20,000 daily attempts).
- **Response actions taken:** Allocation of additional funding for 2025/26 to enhance cyber defense infrastructure; implementing anti-phishing measures and enhanced firewall protection; planning ongoing staff training.
## Attack Methodology
The article describes a sustained, high-volume attack environment rather than a single TTP chain for a successful intrusion.
- Initial Access: Explicitly mentioned **phishing** attempts.
- Persistence: Not applicable/Not detailed.
- Privilege Escalation: Not applicable/Not detailed.
- Defense Evasion: Implied as part of the volume of automated attacks trying to bypass current defenses.
- Credential Access: Implied risk associated with phishing attempts.
- Discovery: Not applicable/Not detailed.
- Lateral Movement: Not applicable/Not detailed.
- Collection: Not applicable/Not detailed.
- Exfiltration: Not applicable/Not detailed.
- Impact: Not detailed (Focus is on preventing impact).
## Impact Assessment
- Financial: Allocation of additional funding to cyber defenses (£124,000 Digital Inclusion Strategy includes security enhancements).
- Data Breach: No confirmed data breach detailed in this report.
- Operational: Potential for high operational disruption if these numerous attacks were successful; currently necessitating proactive defense spending.
- Reputational: Increased public awareness due to the high volume of threats faced by the council.
## Indicators of Compromise
- Network indicators: None specified (Attacks described generally).
- File indicators: None specified.
- Behavioral indicators: High volume of unsolicited connection attempts/probes targeting council infrastructure; high incidence of **phishing** social engineering campaigns.
## Response Actions
- Containment measures: Enhanced **firewall** measures implemented.
- Eradication steps: Not detailed as a post-breach measure, but focuses on ongoing prevention.
- Recovery actions: Updating and enhancing digital infrastructure post-incident assessment.
## Lessons Learned
- The public sector, specifically local councils, faces extremely high and persistent threat landscapes (20,000 attempts daily).
- Investment in cybersecurity infrastructure must be continuous and strategic.
- Staff training, particularly on identifying phishing, remains a critical defense layer.
- Neighboring public sector entities (British Library, NHS Trust) are facing similar pressures, indicating systemic risk.
## Recommendations
- Immediately deploy enhanced anti-phishing solutions company-wide and mandate recurring, targeted phishing simulation and training programs.
- Review and harden perimeter defenses, particularly firewalls and email gateways, against known automated attack patterns.
- Ensure adequate budget allocation for infrastructure hardening commensurate with the scale of the threat environment (20,000 daily attempts requires robust, always-on defense).
- Increase security vigilance across all Council departments, acknowledging the systemic exposure of public institutions.