National Portrait Gallery hit by 350,000 email attacks in three months

Majority of attacks said to be targeting employee accounts and associates of the gallery

The National Portrait Gallery was targeted by 347,602 emails containing spam, phishing and malware attacks in the last quarter of 2019, a freedom of information (FOI) request has revealed.

Over half of the emails, 194,620, were identified as being directory harvest attacks (DHA), a technique used to harvest valid email addresses belonging to employees and associates of the gallery, according to data collected by think tank Parliament Street.

Related Resource

Strengthen your defences against cybercrime

Cyber resilience planning for email

Download now

The gallery also blocked 61,710 emails from senders flagged as belonging to a "threat intelligence blacklist". A further 85,793 emails were intercepted as they were believed to have contained spam content - which is anything from unsolicited marketing to serious phishing and malware. According to the figures, 418 of the emails contained a virus of some kind.

"These figures paint a worrying picture of the volume of malicious email attacks designed to trick unsuspecting staffers into handing over confidential data such as passwords and log-in credentials," said Andy Heather, VP of security firm Centrify.

"The National Portrait Gallery is an incredibly popular destination for tourists, attracting millions of visitors and members every year, which unfortunately makes it a top target for hackers and cyber criminals seeking to use legitimate, often stolen, credentials to gain access fear of detection."

Stolen employee credentials are a global problem for all businesses. Last year, figures from Google's Password Checkup report suggested that 1.5% of all sign-in attempts were being made using details compromised during a data breach.

"Addressing this threat means ensuring a zero-trust approach to employee communication, ensuring suspicious emails are spotted and full checks are made so that managers can be sure all staffers are who they say they are," Heather added.

In 2017, London art dealers were defrauded out of hundreds of thousands of pounds after hackers successfully breached company email accounts to monitor correspondence between clients. The incident resulted in fresh cyber security guidance being issued by the Society of London Art Dealers, as well as tips for avoiding email fraud.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

Bank-targeting malware disguises itself as video conferencing software
Security

Bank-targeting malware disguises itself as video conferencing software

19 Oct 2020
Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
Best free malware removal tools 2020
Security

Best free malware removal tools 2020

21 Sep 2020
'NetWalker' ransomware explodes thanks to 'as a service' expansion
ransomware

'NetWalker' ransomware explodes thanks to 'as a service' expansion

4 Sep 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
iPhone 12 lineup official with A14 Bionic chip and 5G support
Mobile Phones

iPhone 12 lineup official with A14 Bionic chip and 5G support

13 Oct 2020
Google blocked record-breaking 2.5Tbps DDoS attack in 2017
Security

Google blocked record-breaking 2.5Tbps DDoS attack in 2017

19 Oct 2020