Scottish Parliament Repels Brute-Force Email Hackers

Hackers have been targeting the Scottish Parliament in a “brute force cyberattack,” parliament officials say.

The Scottish Parliament, known as Holyrood – for the section of Edinburgh in which it is located – this week alerted the 129 Members of the Scottish Parliament, or MSPs, as well as staff, that their email accounts were being targeted in unauthorized login attempts.

The attacks remain ongoing, IT systems remain fully functional and that there is no evidence that any of the unauthorized access attempts have succeeded, a spokeswoman for Holyrood tells Information Security Media Group.

As soon as the attack was detected, “various cybersecurity measures were quickly deployed to combat this and, as a result, we have seen the frequency of failed log-ins and account lockouts decrease,” Paul Grice, chief executive of the parliament, said in a Tuesday warning to MSPs and staff, which Holyrood shared with ISMG.

“At this point there is no evidence to suggest that the attack has breached our defenses and our IT systems continue to be fully operational,” Grice added. “Users should be aware, however, that this attack remains ongoing. It is not uncommon for brute force attacks to be sustained over a period of days so it is essential that IT account users are vigilant and report any suspicious issues to the [help desk].”

Britain’s computer emergency response team, the National Cyber Security Center – part of the GCHQ intelligence agency – has been assisting in the response effort. “The NCSC is aware of a cyber incident involving the Scottish Parliament and has been working with their digital security team,” the agency says in a statement.

The email accounts targeted in the attacks, which use the “parliament.scot” domain, are Office 365 accounts hosted by Microsoft, Holyrood tells ISMG.

“This looks to a be a fairly standard scanning attack on accounts, where a tool continually tries different passwords for given logins,” Bill Buchanan, a professor of computing at Edinburgh Napier University, tells ISMG. “The system will normally give a lock-out on a number of incorrect logins, and, if not managed correctly, will also lock-out the user for a given amount of time – or permanently, until there is a reset on the account, in some cases.”

Grice says the parliament is looking at strengthening its defenses and that “analysis is taking place to better understand the origin of the attack and to assess its overall impact.”

Continue reading…