UK Parliament hit with 3 million email attacks every month

Cyber fears for Prime Minister Boris Johnson with a sharp rise in the number of cyber attacks and malicious emails targetting Members of Parliament, according to new official data

by Patrick Sullivan, Political Editor on 23 November 2020 09:32

Boris_johnson_tim_sadler_tessian

Members of Parliament (MPs) have been targeted by 22,321,459 malicious email attacks over the last 8 months, from 1st January to 31st August – averaging out at roughly 2,790,182 attacks per month.

The attacks, which were all successfully blocked, include emails suspected of being phishing, spam and malware. The data was obtained via a Freedom of Information (FOI) act request from a Parliament Street think tank.

In comparison, last year’s Parliament Street report showed just 1,747,759 monthly average attacks were aimed at MPs. This means there has been a rise of nearly one million email attacks per month, or 60 per cent increase when compared to last year’s figures.

This surge in cyber attacks comes following Parliament’s 2019 announcement that it had implemented a two-year programme dedicated to building and maintaining ‘cyber capabilities’, and reducing risk facing staff and data.

However, it is likely that Covid-19, and the attention it has drawn to the government, has been the cause for this anomalistic surge in cyber attacks. In an effort to further address this issue, researchers observed that the House of Commons recently advertised a job opening for a new Director of Security for Parliament.

The job description described ‘cyber security’, as well as physical and personal protection, as a core component of the role. Cyber attacks on Parliaments around the world have become an increasingly common occurrence. In September 2020, the Norwegian Parliament disclosed a cyber-attack on its internal email system.

On 23 June 2017 the UK Parliament suffered a cyber attack, with 26 users of the parliamentary had their accounts directly compromised. The included constituency offices, a member of the House of Lords, as well as personnel and administrators.

Additionally in May 2015 up to 20,000 computers operated by staff in the German Parliament were infected by a cyber-attack.

Cyber expert Tim Sadler, CEO, Tessian told The Commentator: "These findings highlight the sheer scale of the threat that all businesses are facing. With millions of malicious emails being sent, the odds that one might work are high - especially if they are carefully crafted to evade detection. It just takes one busy and stressed employee to miss the cues or one very convincing message for cybercriminals to breach an organisation's security and access highly sensitive information.

Sadler continued, "Hacking humans on email is still the easiest way for cybercriminals to hack into organisations and institutions. Governments, therefore, need to protect their people from falling for phishing attacks, putting solutions in place to automatically detect threats and educating employees on threats like social engineering attacks. Failure to do so and the fallout could be disastrous, as cybercriminals get their hands-on sensitive data and gain illegal access to officials' email accounts. Consider the damage that could be caused should a hacker successfully take over an MP's email account. The threat of phishing isn't going away any time soon, but organisations can find ways to proactively prevent their people from falling for the scams."

Cyber chief Andy Harcup, VP, Absolute Software added, “Members of Parliament have been under added pressure over the last year, as the coronavirus continues to disrupt services, society and cause havoc for the general public. As a result, cyber attackers have attempted to infiltrate some of the most confidential data imaginable, governmental data, by overloading MPs with malicious phishing, scam or malware attacks, in an attempt to use times of national crisis to their advantage.

Harcup continued, “Unfortunately, working from home has made it much harder to combat this growing threat, and governmental departments must seriously consider adopting robust end point security which enables full visibility, control and access to an entire network of dispersed endpoints. This would mean a central IT manager could ensure public sector devices are kept as secure as possible, from anywhere in the country.”

Comments
blog comments powered by Disqus