Northern Ireland’s parliament, Stormont, has been hit with a sustained brute force cyber attack in which “a number of accounts” were hacked before being disabled by Stormont’s IT services, the head of IT at Stormont told staff this morning.
In an email leaked to the press he warned everyone to change their passwords and “be vigilant”. The email added that his IT team was working with Microsoft and the National Cyber Security Centre to monitor the issue.
The attack comes as the City of Atlanta in the US remains “crippled” after a ransomware attack that left officials filling in forms by hand, court appearances cancelled and people seeking water supplies having to do so face-to-face.
The attacks are not yet believed to be related.
Today, six days after the attack shut down the City of Atlanta’s online systems, officials are telling employees to turn their computers and printers back on for the first time. But in a series of tweets this morning from the city’s official @Cityofatlanta account, officials said that all court appearances were being “reset”, job interviews cancelled and customers applying for “water service” must “apply in person at one of two walk in locations.”
“The safety and security of our employees and customers remains our top priority. We are working around the clock to work through this ransomware cyberattack and we ask for your patience as we implement business continuity measures,” Mayor Keisha Lance Bottoms said in a statement. “I want to thank the Department of Atlanta Information Management, my senior team, our federal partners, Microsoft and Cisco for their hard work and focus on this issue.”
Few details about the attack have emerged. Authorities have only confirmed that the city experienced a ransomware cyberattack and city officials received a written demand. At a press conference yesterday, the Mayor said that hackers had asked for $51,000.
Responding to this morning’s Stormont attack meanwhile, Eduard Meelhuysen, Head of EMEA at security specialists Bitglass said: “Staff should be updating their passwords with a stronger combinations of letters, numbers and special characters following this attack. Every additional character in a password increases the number of possible combinations, making brute-force attacks on long passwords far harder for hackers to crack. But increasingly the complexity of a password also makes it much harder for people to remember, hence why password123456 is still the most popular password today.”
Almost half of organisations don’t change following cyber attack
FTC to probe into Facebook policies
Russia accused of infrastructure cyber attacks
He added: “Rather than advising users to create random strings of letters and words passwords, we should be recommending the use of passphrases. These will still be lengthy, but made up of real words, so easier to remember. It might seem simple, but the truth is, if a password takes too long to crack, hackers will simply move onto the next batch.”