‘Hacking groups have the transport network firmly in their sights’: Network Rail is battling a torrent of cyber threats
FoI requests have revealed that the rail operator is under increasing attack, as cyber criminals set their sights on the transport sector
Network Rail is fighting off millions of cyber attacks every month, according to new research, as experts warn of a rising tide of threats facing public services.
Freedom of information (FoI) requests show the organization blocked over 7.1 million malicious emails between December 2025 and March this year.
Of the 7,129,314 email attacks blocked by Network Rail, 331,352 were phishing emails, 1,412 were malware-laden emails, 2,066,392 were spam emails, and 4,730,158 were edge blocked emails.
This all adds up to an average of more than 800,000 attacks per day, including around 37,000 phishing attempts.
“With so many people in the UK depending on public transport for their daily lives, a successful cyber attack could cause significant disruption, such as potentially stopping people from getting to work," warned Simon Edwards, CEO of SE Labs.
"Therefore, it’s vital that our public sector organizations have a dedicated cyber strategy put in place and ensure rigorous testing to identify any security holes and keep hackers at bay.”
Just last week, two members of the hacking group known as Scattered Spider pleaded guilty over their involvement in an attack on Transport for London (TfL) systems.
The attack forced all 28,000 employees to attend a TfL office for a password reset and led to a reported £29 million in losses and recovery costs.
"As we've seen from the recent Scattered Spider convictions, hacking groups have the transport network firmly in their sights. A single successful cyber attack on the rail network could drive Britain to a halt, operationally and economically," said Graeme Stewart, head of public sector at Check Point.
"The transport network is also a treasure trove of personal and financial data, something unscrupulous criminals are eager to get their hands on. That’s why it's vital that our roads, rail and aviation systems are fully protected with the latest cyber defenses to keep hackers locked out."
What happened with the Network Rail cyber attack?
In 2024, Network Rail suffered a cyber attack on its WiFi systems that saw commuters who logged in at affected stations receive information pertaining to terrorist attacks in Europe, as well as a message stating “we love you Europe”.
The attack is believed to have taken place through a third-party service provider, Telent, which managed Network Rail's WiFi services.
More recently, train operator LNER said a cyber attack had led to unauthorized access to files managed by an unnamed third-party supplier.
Travel networks, particularly rail services, are among the top targets for cyber criminals and state-sponsored groups due to the critical role they play in the British economy, according to research conducted last year.
The UK's Department for Science, Innovation and Technology (DSIT) released a report from KPMG that concluded a major attack on the rail network could cost £1.8 billion for a one-week period of disruption.
The direct financial cost to Network Rail would, it concluded, cost around £123 million, with the cost to passengers due to delays adding up to about £281.3 million.
Notably, the impact on Gross Value Added (GVA) could be as much as £1.397 billion, representing approximately 2.8% of the UK’s weekly GDP and 0.05% of annual GDP.
FOLLOW US ON SOCIAL MEDIA
Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.
-
Energy providers are flying blind thanks to unpredictable AI data center demandsNews Research from Capgemini has found that uncertainty, speed constraints, and rising system complexity are leaving firms struggling to predict future consumption
-
Wasabi launches cloud sustainability tracker scheme for partners and MSPsNews The new program enables partners to track customers’ cloud storage emissions and invest in high-integrity climate projects
-
‘This operation marked a shift in strategy’: Three notorious malware networks have been taken down using RICO legislationNews The action involved the use of US racketeering laws to treat two malware families as part of a single conspiracy
-
‘They risk damaging confidence’: A Canadian health board outraged staff with phishing tests offering paid leave – experts say it shows why you need to be careful with cyber awareness campaignsNews Phishing tests require a delicate touch, emulating realism while not “exploiting goodwill”
-
Duo accused of role in TfL cyber attack plead guilty after ‘lengthy, highly complex, and painstaking investigation’News Around 10 million people are believed to have been affected by the TfL cyber attack
-
Hackers are capitalizing on AI hype to ramp up social engineering attacks – and they're using big brands like Anthropic, OpenAI, and DeepSeek as ‘bait’ to lure victimsNews Microsoft says cyber criminals are impersonating popular AI platforms to deliver malware
-
Developers urged to remain vigilant amid continued Miasma malware risksNews The Miasma malware package uses legitimate OIDC tokens, making it indistinguishable from routine code updates
-
Claude users beware, hackers are using a fake website to dupe developers and deliver malwareNews 'Beagle' is deployed through a Dynamic Link Library (DLL) sideloading chain, and gives attackers remote access to the system
-
Beware of emails threatening a code of conduct review
News A widespread phishing campaign has targeted tens of thousands of employees
-
‘The inbox is no longer the only frontline’: Phishing attacks are evolving as cyber criminals ramp up ‘multi-channel’ campaigns over email and Microsoft TeamsNews New research shows threat actors are ramping up “multi-channel” phishing attacks by combining lures via email and Microsoft Teams
