Back on June 23rd this year, a cyber-attack hit the email accounts of a large number of MPs, including senior ministers and the Prime Minister herself,
Theresa May. The attack was made on the network used by MPs to interact with their constituents.
Back in June when the attack was first reported it was thought that it was a state sponsored attack originating from Russia, however according to new reports
released today in the Guardian citing British Intelligence, it looks as if that information was wrong and the attack actually came from Iran.
Despite all of the skills and technology available to the authorities, it still took almost 4 months and we assume, a large portion of taxpayer’s money
to investigate, which goes to show how difficult and expensive an investigation into an attack of this nature can be.
We spoke in our previous blog about Privileged Account Management (PAM)
and why it’s important for organisations to look seriously at PAM as a way to prevent cyber-attacks and increase operational efficiency within IT.
We spoke about privileged accounts being those that belong to users with access to a lot of sensitive information or business critical system accounts,
however in this instance, the privileged accounts we speak of are the email accounts of the MPs who are sharing sensitive information with their constituents
and other senior ministers.
The report indicates that the attack was a brute force attack targeting weak passwords and this may be connected to another report that cabinet ministers’
passwords were seen for sale online. This initially makes us think that the passwords were stolen for quick financial gain, however other more sinister
actions such as blackmail could also come into play putting the whole country at risk.
Since the attack took place it has been indicated that the compromised emails did indeed have weak passwords, despite users being advised of the dangers.
Changes to these accounts have since been made, however for obvious reasons the details of exactly what those changes were haven’t been publicised.
We live in hope that more has been done other than additional ‘advice’ and a password reset as there is much more that is available to boost defences against
exactly these crimes.
Utilising a PAM solution will obviously help, as this will make the passwords of privileged accounts longer and much more complex, meaning that it will
become almost impossible to crack. The following link will take you to a free tool offered by one of our partners, that will help you identify where
your weak passwords are – Weak Password Finder
Other technology available to boost defences includes Two-Factor Authentication which will offer an additional layer of security, making things vastly
more difficult for hackers. This will impact on user experience but when you consider what is at stake is an extra 30 seconds to log-in really too
much to ask?
In McAfee Lab’s Threats Report published in April 2017, they found that 13% of all network attacks were brute force attacks, and this isn’t surprising
when you consider how readily available brute force attack software is. Aircrack-ng, Hashcat, L0phtCrack, Ophcrack and RainbowCrack are available to
use without having to put too much effort in to find them.
This further accentuates the need for deeper security defences like PAM and Two-Factor Authentication. When you consider what’s at stake can you really
afford not to?