Bad actors have targeted the Scottish Parliament with a brute force attack designed to crack weak passwords used by MSPs and staff.In a message sent to MSPs and staff members with parliamentary email addresses, chief executive Sir Paul Grice compared the attack to an assault that targeted the British Parliament in June. It’s unclear whether the same actors are behind this latest campaign. Either way, Grice wrote in his letter that all MSPs and staff should remain vigilant.As quoted by BBC News:“The parliament’s monitoring systems have identified that we are currently the subject of a brute force cyber attack from external sources.“This attack appears to be targeting parliamentary IT accounts in a similar way to that which affected the Westminster parliament in June. Symptoms of the attack include account lockouts or failed logins.“The parliament’s robust cyber security measures identified this attack at an early stage and the additional security measures which we have in readiness for such situations have already been invoked. Our IT systems remain fully operational.”Those responsible for the attack against the British Parliament broke into approximately one percent of the 9,000 emails used at Westminster, reports The Guardian, because their corresponding passwords were weak. Many MPs think Russia was behind the attack. No conclusive attribution exists at this time.
The Scottish Parliament buildingFollowing an encounter with WannaCry back in May, the Scottish Parliament conducted an independent review of its “cyber security maturity.” The exercise “offered assurance that sufficient and effective arrangements are in place to manage cyber threats and risks.” To their credit, those security measures helped detect this latest attack against the Scottish governing body.Grice said the parliament’s IT team intends to force a change of weak passwords used by MSPs and staff members. Those individuals should make sure they protect their parliamentary email addresses with a secure, complex password. For expert advice on how to create such a password, click here.