Sign up for our newsletter
Technology / Cybersecurity

UK parliament hit by cyber attack targeting MPs email accounts

The UK parliament was hit with its biggest cyber attack on Friday, by hackers who attempted to gain access to the email accounts of MPs.

The attack hit almost 90 email accounts, which were all compromised during the attack.

According to a parliamentary spokesperson, the attack lasted 12 hours, leaving MPs unable to access their emails.

In an interview with Press Association, Tory MP Andrew Bridgen said that an attack like that which hit UK parliament could “absolutely” leave some people open to blackmail and “constituents want to know the information they send to us is completely secure.”

White papers from our partners

It is believed that the affected network is used by all members of the parliament, including the Prime Minister Theresa May and all cabinet ministers.

In a statement released by parliament after the attack, a spokesperson said: “Parliament has robust measures in place to protect all of our accounts and systems, and we are taking the necessary steps to protect and secure our network.

“As a precaution we have temporarily restricted remote access to the network.”

The action taken to restrict all remote access to the network seemed to be the only option as the attack, which was described as a “brute force” attack, could have resulted in blackmail.

Anurag Kahol, CTO at Bitglass, said: “Since the UK Parliament disabled email access for even legitimate users, these attackers have effectively achieved a denial of service attack.

“Strong authentication policies, including multifactor authentication, combined with user behaviour analytics not only within applications, but across applications, could have prevented the need to block users from being able to access work applications.

“This holds especially true for cloud based applications which, by definition, are available from any device, anywhere.”

The attack, which targeted over 9,000 people with email accounts connected to the parliament’s network, comes just weeks after 48 UK NHS trusts were victims of a cyber-attack.

Read more:NHS held to ransom as massive cyber attack hits hospitals nationwide

Andrew Clarke, UK Director at One Identity, said: “It appears that the parliament IT team have done a good job in closing down access to their email systems – this would serve to protect them until the nature of the intrusion is understood.

“This may be inconvenient for MP’s wishing to access emails over the weekend, but we should acknowledge the pro-active response taken here is actually protecting their environment.”

Both House of Parliament will meet today as planned and according to officials, plans are currently being put in place to resume its wider IT services.
This article is from the CBROnline archive: some formatting and images may not be present.