CyberCrimeSecuritySecurity Management

Scottish Parliament Confirms Brute Force Cybersecurity Incident

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

IT systems at Scottish Parliament suffers similar cyber-attack to recent Westminster assault

The Scottish Parliament has been hit in a ‘brute force’ cyber attack from ‘external sources’, officials have confirmed to Silicon UK.

It seems that the attack focused on MSPs and staff with parliamentary email addresses, and officials warned of potential account lockouts and failed log-ins.

The attack was similar to the assault on the British Parliament in Westminster in late June. That cyber attack had targetted MP’s email accounts and caused havoc with government communications.

Scottish Parliament Building Hollyrood

IT Incident

The Scottish Parliament confirmed the “IT incident” to Silicon  via email.

“The Parliament’s monitoring systems have identified that we are currently the subject of a brute force cyber-attack from external sources,” Paul Grice, the Clerk/ Chief Executive said in a statement.

These brute force attacks typically see hackers repeatedly attempting to access systems by trying a range of different passwords. They hope trial and error attacks will eventually result in guessing the correct password.

What is your biggest cybersecurity concern?

  • Ransomware (28%)
  • Humans / Social Engineering (27%)
  • State sponsored hackers (14%)
  • Malware (14%)
  • Other (7%)
  • Out of date tools (6%)
  • DDoS (4%)

Loading ... Loading ...

“This attack appears to be targeting parliamentary IT accounts in a similar way to that which affected the Westminster Parliament in June,” Grice added. “Symptoms of the attack include account lockouts or failed log-ins.”

However it seems that the Scottish IT systems coped well with the attack.

“The Parliament’s robust cyber security measures identified this attack at an early stage and the additional security measures which we have in readiness for such situations have already been invoked,” Grice said. “Our IT systems remain fully operational.”

IT officials then warned staff to remain vigilant and report any suspect issues as soon as they become aware of them.as well as to take particular care when opening any emails from external sources.

Staff were also advised to change their network account passwords, which are now subject to stricter rules. Those with weak passwords will be forced to change them.

The Scottish Parliament is also expected to issue an update later this afternoon about the attack.

 

Quiz: Are you a security pro?