SCOTTISH PARLIAMENT has been struck by a "brute force attack" which saw hackers attempting to seal MSPs' email credentials. The attack comes just weeks after MPs in Westminster were targeted in a similar fashion.
Officials at Holyrood claim that no accounts were compromised in the attack, although they have warned MSPs to update and strengthen passwords.
"The parliament's monitoring systems have identified that we are currently the subject of a brute force cyber-attack from external sources," Sir Paul Grice, chief executive of the Scottish Parliament, warned in an internal bulletin to MSPs and staff.
"This attack appears to be targeting parliamentary IT accounts in a similar way to that which affected the Westminster parliament in June. Symptoms of the attack include account lockouts or failed log-ins.
"The parliament's robust cybersecurity measures identified this attack at an early stage and the additional security measures which we have in readiness for such situations have already been invoked. Our IT systems remain fully operational."
Intriguingly, he claimed that IT staff at the Scottish Parliament had analysed passwords used and found that too many were ‘simple' and easy to crack in a brute force attack.
"The number of simple passwords identified is too high for us to contact each individual personally," he said.
The attacks on Westminster MPs' email accounts in June, meanwhile, has been blamed on hackers linked with the Russian government. Up to 90 email accounts are said to have been compromised in that series of attacks, in which MPs were locked out of their accounts as a precaution in response.
A security source at the time told The Guardian: "It was a brute force attack. It appears to have been state-sponsored… [But] the nature of cyber-attacks means it is notoriously difficult to attribute an incident to a specific actor."
"A brute force attack is a tale as old as time and relies on one of the weakest areas of security - passwords," said Dr Jamie Graves, CEO at security firm ZoneFox, told Computing.
"That the Scottish Parliament's security measures were able to keep systems operational is a case in point of how important it is to be in a position to rapidly identify attacks and stop them in their tracks.
"The hackers may have been thwarted this time, but there's nothing to say they won't be back. That the IT department will force a change on weak passwords is a good, proactive measure.
"However, this isn't a failsafe... unquestionably all staff will heed Sir Paul Grice's request to remain vigilant. A united, digitally alert team is one of the greatest tools organisations can deploy in their fight against hackers."
This attack comes just weeks after the Scottish government fessed up to being whacked by two ransomware attacks in the past year. µ
A whole new way to be tied to your ISP
Search giant puts Epyc chips at the heart of its datacentre servers
Notch-equipped handset quickly overtakes its cheaper siblings
Good news for developers; a collective shrug for everyone else