lolloj - Fotolia
Cyber attackers have reportedly tried to steal the email credentials of Scottish MPs in a brute-force attack just over seven weeks after a similar 12-hour assault aimed at Westminster MPs.
In both cases, attackers attempted to access the email accounts of MPs by trying to crack their passwords using an automated trial-and-error process.
Holyrood officials said no email accounts had been compromised, but MPs have been advised to strengthen their passwords after many were found to be using weak ones, reports The Guardian.
In the Westminster attack, officials said “significantly fewer” than 90 of the 9,000 accounts on the parliamentary network had been compromised as a result of the use of weak passwords that did not conform to guidance issued by the Parliamentary Digital Service.
Holyrood staff members were reportedly warned about the cyber attack in an internal email by their chief executive, Paul Grice, who warned of potential email account lockouts or failed log-ins.
“The parliament’s monitoring systems have identified that we are currently the subject of a brute-force cyber attack from external sources,” said Grice.
“The parliament’s robust cyber security measures identified this attack at an early stage and the additional security measures which we have in readiness for such situations have already been invoked. Our IT systems remain fully operational.”
Although the identity of the Westminster attackers has not yet been confirmed, the hackers are believed to be aligned with Russia or North Korea.
Read more about password security
- GCHQ’s guidance on password policy covers some of the most pressing issues facing UK businesses and employees today, according to Skyhigh Networks.
- Fingerprint scanning technology is the most favoured biometric security alternative to passwords for UK bank customers.
- Twitter announces a service that enables users to replace static passwords with a text message-based one-time passcode service.
Russian-sponsored hackers appear to be the more likely culprits in the light of the fact that Russian hacking group APT28 or FancyBear has been linked with cyber attacks on the German parliament, the White House, Nato, the US Democratic National Committee, and the election campaign of French presidential candidate Emmanuel Macron.
Several other countries, including Ukraine, Norway, the Czech Republic, Bulgaria and Italy, have also reported recent cyber attacks targeting digital infrastructure that are believed to have been the work of Russian hacking groups.
The Westminster attack came just days after it emerged that the passwords and email addresses of UK MPs, parliamentary staff, diplomats and senior police officers had been sold, bartered and then made available for free on Russian-speaking hacking forums.
The National Cyber Security Centre confirmed that its digital security advice had been reissued to government departments following the discovery.