Cyber criminals in the frame after National Portrait Gallery is hit with 350,000 email attacks

London's leading art gallery hit with over 100,000 cyber attacks every month, including phising scams, spam emails, malware and viruses. Andy Heather VP at Centrify warns that attacks could be used to steal confidential membership data

by Patrick Sullivan, Political Editor on 10 February 2020 11:30


The National Portrait Gallery, one of London’s most prestigious art galleries, was targeted by 347,602 emails containing spam, phishing and malware attacks in the final quarter of 2019, according to official figures. The data, obtained under the Freedom of Information Act by the Parliament Street think tank, underlines the threat posed to the capital’s museums by malicious hackers who are intent on stealing membership data from tourist hotspots.

Of the 347,602 blocked email attacks, 56 per cent (194,620) were identified as Directory Harvest Attacks (DHA).

A DHA is an attempt to determine the valid e-mail addresses of employees or individuals associated with an organisation’s server so that they can be added to a spam database. Additionally, 61,710 emails were blocked as the sender belonged to a ‘threat intelligence blacklist’.

A further 85,793 emails were intercepted as they were believed, or confirmed, to have contained spam content. Spam can contain anything from unsolicited marketing content to more dangerous phishing attempts or malware, designed to breach data or gain access to private information. 418 emails were listed as being blocked for containing a virus, which is a malicious form of malware designed to corrupt data or infect computer software.

The National Portrait Gallery receives between 1.1 million to 2 million visitors every year, and many of these visitors, including members and patrons, have private information such as payment details and email addresses stored on its servers.

Andy Heather, VP, Centrify told The Commentator, “These figures paint a worrying picture of the volume of malicious email attacks designed to trick unsuspecting staffers into handing over confidential data such as passwords and log-in credentials. The National Portrait Gallery is an incredibly popular destination for tourists, attracting millions of visitors and members every year, which unfortunately makes it a top target for hackers and cyber criminals seeking to use legitimate, often stolen, credentials to gain access fear of detection.

Heather continued, “Addressing this threat means ensuring a zero-trust approach to employee communication, ensuring suspicious emails are spotted and full checks are made so that managers can be sure all staffers are who they say they are.”

blog comments powered by Disqus