With the recent cyber-attack on parliament and the Petya ransomware looking like a thinly disguised front to a much larger cyber warfare drive, what can we do to prevent cyber-crime in the first place?
June had been a busy month for British parliament. The general elections kicked it off – and they didn’t go entirely to plan. Government had to work hard to form a majority and faced some tough questions in the House of Commons. However, by the end of the month, the Queens’ speech had been delivered and Brexit discussions had finally started. It seemed like Parliament was finally going to have a quiet weekend. Unfortunately, however, hackers had other ideas. The last thing Westminster wanted was a serious cyber-attack.
Over a week later and with further information on their nature and cause, what can we learn from the cyber-attack in Parliament and how can we overcome such threats in the future?
Late on Friday 23rd June 2017, hackers started probing some 9,000 parliamentary email accounts for weaknesses. It was a brute force attack, trying multiple common passwords until one succeeded or, perhaps, reusing passwords discovered in other cyber-attacks. By the time the attack had been discovered, up to 90 email accounts of politicians and parliamentary assistants had been compromised.
The attack on the Houses of Parliament sought to gain access to accounts protected by weak passwords. For hackers, emails are a rich source of personal information; details held within an email account can cover all aspects of the owner’s life – both professional and personal, containing a treasure trove of information. Compromising email accounts are often the first step for an attacker, information held within them can be used to unlock further systems such as bank accounts, social media logins or other accounts. In this case, most worrying is that the email accounts could hold sensitive state information.
Fortunately, however, it seems like the attack was detected early and locked down to prevent further accounts being compromised. Protocol was necessitated, remote access to emails and unspecified services via mobile phone isolated and locked down. Fortunately, only a small percentage of parliamentary emails – around 1% - were compromised and access to other systems were not affected.
Lessons that should be learned
Brute force attacks on passwords are common and worryingly simple. The top passwords include classics such as “password”, “123456” and “letmein”. Just trying a combination of a 100 of these will unlock many systems. Even if you have strong passwords, the temptation is to reuse the same password across many systems but then if one gets compromised, all your accounts are compromised.
The simple answer is to use unique passwords that don’t consist of dictionary words or personal information such as memorable dates or numbers. This can be reinforced with a random combination of letters, upper case, numbers and symbols. It doesn’t really matter how good technology is if we are making it easy for hackers by using weak passwords.
Steps to improve security
Following the attack, questions arose around the vulnerability of the UK’s security systems and its processes. An attack on parliament brought some of our strongest securities into disrepute. Accusations of blame were quickly pointed towards Russia and North Korea, but really the question should be asked: why was it so easy for criminals to gain access to such sensitive information in the first place?
Gmail and Yahoo accounts routinely contain two factor or two step authentications. This uses a login and password as well as a third piece of information, such as a text message sent to a phone, a verification code from an app or a separate software or hardware token. This is easy to set up and I expect such measures to be added to parliamentary systems soon.
A sign of the times
This was not the first cyber-attack this year and is unlikely to be the last. Another type of cyber-attack, Ransomware, has featured on many front pages and caused major disruption over a past few months with global attacks dubbed Petya and WannaCry. In the UK, the latter attack infiltrated NHS trusts; it prevented planned surgery taking place and temporarily closed some Accident and Emergency departments.
Ransomware is a type of malware that encrypts files and demands payment, often in Bitcoin which is difficult to trace. The payment is supposedly in exchange for a key to decrypt the files, therefore, most of these attacks are fuelled for financial reasons.
Petya has caused a major disruption to online infrastructure for thousands across Europe and the US. However, due to the small amount of funds raised in these global attacks, it has been suggested that the Ransomware demands is a disguise for what is actually a new type of cyber-attack. With Petya, the suggested target was the Ukraine as it sustained over 60 per cent of the damage, including reach to the Chernobyl power plant, where radiation readings had to be conducted manually. Rather than extortion, the goal may be to malfunction certain infrastructure and plant the seeds of future sabotage.
Whilst damage limitation is important and most antivirus providers and windows systems have since updated their software to prevent similar infiltrations, preventing an attack in the first place should be the preferred stance.
Keep yourself safe
All the attacks we have seen could have been prevented with a few simple measures in place. Firstly, ensure your computers are kept up-to-date with the latest security versions and antivirus software. Keep regular backups of important documents and information, and ensure these backups are encrypted with a password.
Secondly, upskill yourself to be cyber aware. Learn to recognise phishing emails and don’t click on suspicious links from unverified senders. If you are entering bank details, double check it is the correct website and that your data is safe, as indicated by a padlock symbol in most web-browsers. Finally ensure passwords are robust and unique, and that they cannot be guessed.
Use these simple steps to keep yourself safe online. Cyber-attacks are a growing threat, and cyber criminals are becoming smarter all the time. So must we.
Oz Alashe, CEO and founder, CybSafe
Image Credit: Alexskopje / Shutterstock