UK DfT wants trains with public WiFi but commuters could be faced with ransomware attacks

The UK Department of Transport (DfT) is currently running a programme that offers train operators funding to implement public WiFi on trains. However, a Freedom of Information (FOI) request obtained by IBTimes UK has revealed that the DfT has not imposed any mandatory cybersecurity guidelines for train operators to adhere to, potentially leaving commuters exposed to insecure public Wi-Fi.

Security experts believe that, given the lack of proper security protocols, hackers may mount ransomware attacks against unsuspecting commuters.

A spokesperson for the DfT said, "The DfT has not linked receiving funding for the on-train Wi-Fi with including a specific cyber security strategy. Our expectation is that train operators will consider this as part of their overall assessments, and upon review of the RSSB and DfT guidance.

"The DfT is currently working with partners in government and industry to assess the vulnerability of current and future rail systems and assets in particular related to cyber security."

Intel Security experts have uncovered that the "next step" for ransomware will involve hackers targeting public WiFi. This indicates that users accessing insecure public WiFi networks may be targeted with ransomware attacks. Intel Security ran a demo using a fake WiFi hotspot, which showed that anyone accessing the network could become a target of ransomware.

Raj Samani, CTO EMEA Intel Security, told IBTimes UK, "Our Advanced Threat Research team developed a bogus Wi-Fi access point that could be planted in a high traffic location within a business section of a community. If placed, for instance, in a coffee shop, the device could lure patrons to access the internet through its connection.

"As in previously demonstrated fake hotspot demos, a man-in-the-middle attack could be executed to secure a victim's information including payment information or bank account credentials. In our ransomware-focused scenario, we were able to prove that an unsecure, public Wi-Fi connection could take users to a login or fake authorisation page before then using those pages to infect the patrons' computers with ransomware."

Public Wi-Fi – the convenience vs the risks

Given the rapid expansion and implementation of public Wi-Fi infrastructures, it is safe to say that the service is highly sought after. According to a report by ZDNet, a survey of 2,000 business users conducted by Xirrus, a Wi-Fi networks firm, produced disturbing findings: while 91% of respondents believe public Wi-Fi to be insecure, 89% said they would use it regardless.

Xirrus also found that nearly 50% of those using public Wi-Fi on a regular basis said that their firms had not provided them with any cybersecurity training in the past year. Additionally, almost 30% of respondents were not even aware of ransomware as a threat.

The lack of user awareness, coupled with poor and inadequate security, as evidenced by the DfT's previous comments, could lead to serious consequences in the future.

How ransomware attackers can use public Wi-Fi to target businesses

Intel Security's demo highlighted that ransomware developers leveraging public Wi-Fi can not only target individuals but also go after businesses. Samani explained that users can be hit with ransomware that lies dormant for a brief period. The malware can then be activated later, at an opportune time, to infect systems.

"The code does not activate to immediately hold the victim's system for ransom," Samani said. "Instead, the ransomware remains dormant on the user's system until the victim returns to his or her place of work. Once the user has logged on to the corporate network, the ransomware activates and seeks out industrial equipment connected to the network. The ransomware is then able to propagate across the network and find a system that sends commands to vital equipment, for instance, shutting down a factory's machinery to halt the organisation's production.

"An email is then sent to the victim who initially transported the ransomware from the public Wi-Fi hotspot to the business network. The perpetrators behind the scheme demand a payment in order to restore the organisation's production and other business operations."

How to stay safe while using public Wi-Fi

Both those using public Wi-Fi and the businesses offering the service can take various steps to ensure that networks can be used securely.

Samani said, "There are many considerations to bear in mind when rolling out secure Wi-Fi access to the public. While some of these are simple to achieve, such as locking down the access points, others can be more challenging. As one example, organisations should address the potential threat of an external rogue access point. This is an access point controlled by an attacker and designed to trick users into connecting with it by using the same SSID (Service Set Identifier) – essentially a network name – as the legitimate network, and boosting the signal of the rogue access point. The process of looking out for this kind of access point requires continuous monitoring."
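
The continuous monitoring for rogue access points described above can be sketched as a check run over periodic Wi-Fi scan results from a fixed sensor. This is an added example, not code from Intel Security or from the article; the network name, BSSIDs, baseline values and threshold are constructed assumptions.

```python
# Added example: flag possible rogue ("evil twin") access points in scan data.
# All names and values below are constructed for illustration.

PROTECTED_SSID = "Train-WiFi"   # hypothetical legitimate network name
RSSI_TOLERANCE_DB = 15          # assumed threshold; tune per site

# Authorised access points: BSSID -> (channel, baseline RSSI in dBm at the sensor)
AUTHORISED = {
    "02:00:00:aa:00:01": (1, -62),
    "02:00:00:aa:00:02": (6, -70),
}

UNKNOWN = "unknown BSSID advertising protected SSID"
CHANNEL = "authorised BSSID seen on unexpected channel"
SIGNAL = "signal far stronger than baseline"

def find_rogue_aps(scan, ssid=PROTECTED_SSID, inventory=AUTHORISED,
                   tol=RSSI_TOLERANCE_DB):
    """Return (bssid, reason) for each suspicious beacon advertising `ssid`."""
    alerts = []
    for row in scan:
        if row["ssid"] != ssid:
            continue                      # other networks are out of scope
        bssid = row["bssid"].lower()      # normalise MAC case before lookup
        known = inventory.get(bssid)
        if known is None:
            # Same network name, hardware we never deployed.
            alerts.append((bssid, UNKNOWN))
            continue
        channel, baseline = known
        if row["channel"] != channel:
            # A cloned BSSID often shows up on a different channel.
            alerts.append((bssid, CHANNEL))
        elif row["rssi"] - baseline > tol:
            # A boosted signal from a "known" BSSID suggests spoofing.
            alerts.append((bssid, SIGNAL))
    return alerts

# Constructed scan results from one monitoring pass.
SAMPLE_SCAN = [
    {"ssid": "Train-WiFi", "bssid": "02:00:00:aa:00:01", "channel": 1, "rssi": -60},
    {"ssid": "Train-WiFi", "bssid": "02:00:00:ff:00:99", "channel": 11, "rssi": -35},
    {"ssid": "Train-WiFi", "bssid": "02:00:00:AA:00:02", "channel": 6, "rssi": -40},
    {"ssid": "CoffeeShop", "bssid": "02:00:00:bb:00:07", "channel": 6, "rssi": -50},
]

if __name__ == "__main__":
    for bssid, reason in find_rogue_aps(SAMPLE_SCAN):
        print(f"ALERT {bssid}: {reason}")
```

An allowlist of BSSIDs alone is not enough, since a BSSID can be copied; the channel and signal-baseline checks are what catch a rogue device imitating an authorised one.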

Moreover, users can use a VPN (Virtual Private Network), which would encrypt the data travelling between their devices and the VPN server. This would keep users' data safe even if a hacker managed to intercept it on the public network.

"Free WiFi hotspots are a breeding ground for hackers and our latest demo has uncovered that there is a potential new threat set to hit users of public WiFi," Samani added. "Commuters should be especially careful not to exchange payment information over public Wi-Fi. I severely hope that despite the lack of mandatory guidelines, each individual train operator puts strict security measures in place to protect commuters who access their WiFi."