Scottish Parliament hit with 'brute force' cyber attack

The attack is thought to mirror the hack on Westminster in June

The Scottish parliament has been hit by a "brute force" cyber attack according to an internal memo, an attack that was almost identical to the one that hit Westminster's email system in June.

Holyrood officials were warned on Tuesday that hackers had repeatedly tried to break past authentication screens to internal accounts by entering random passwords, although there has been no evidence that the attack succeeded.

An internal memo, issued by Holyrood chief executive Sir Paul Grice and seen by the Guardian, warned that the attack may have resulted in MPs and staff being locked out of their email accounts.

"This attack appears to be targeting parliamentary IT accounts in a similar way to that which affected the Westminster parliament in June. Symptoms of the attack include account lockouts or failed log-ins," wrote Grice.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

He added that the parliament's "robust cyber security measures" were able to identify the attack early, and that additional security safeguards were deployed before accounts were compromised.

However, he also said that a sweep of email accounts found that many officials were using passwords that were too weak and easily bypassed.

Following the cyber attack against Westminster email accounts in June, in which only 1% of accounts were reportedly accessed, it is likely Holyrood was on high alert in the event of a similar attack.

Jon Geater, CTO of Thales E-security, said that public bodies need to be treating cyber security as something more than a box-ticking exercise. "This latest brazen attempt to access sensitive information shows that no holds are barred in this fight: even guessing of information is on the table, and, if it fails, it will still lock out users and cause havoc."

"With such crippling effects to a government's bottom line and public reputation, the risk of falling victim to a severe cyber attack is without doubt depriving today's business leaders of much-needed sleep," added Geater. "A watertight data security and encryption strategy to ensure data privacy is now an indispensable element of an organisation's wider cyber security strategy."

Early investigation reports suggested that Russia could have been behind the attack on the UK Parliament, and although it is currently unclear who was responsible for yesterday's attempted hack, it deployed the exact same brute force methods to bypass weak passwords. 

Advertisement - Article continues below

Image: Bigstock

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354577/data-protection-fines-hit-ps100m
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020