Scottish Parliament Targeted in Cyber Attack

The Scottish Parliament has been targeted by a “brute force” cyber attack, officials have said. Chief executive Sir Paul Grice said the attack, from “external sources”, was similar to that which affected Westminster in June. He confirmed the attack in a message to MSPs and staff with parliamentary email addresses, urging them to be vigilant.

Mr Grice said “robust cyber security measures” identified the attack early, and systems “remain fully operational”.

Scottish NHS boards were also affected by a cyber-attack in May, leading to several discussions of cyber security at Holyrood.

Parliamentary corporate body member David Stewart told MSPs in June that an independent review of “cyber security maturity” had been carried out, and had “offered assurance that sufficient and effective arrangements are in place to manage cyber threats and risks”. He added that parliament regularly takes advice from the police, the security services and the national cyber security centre.

A “brute force” attack involves hackers repeatedly trying to log in to systems with a range of different passwords, in the hope of guessing the correct one by trial and error.

Mr Grice’s email urged MSPs and staff to make sure their passwords were as secure as possible, saying that the parliament’s IT team would “force a change to weak passwords as an additional security measure”.

He wrote: “The parliament’s monitoring systems have identified that we are currently the subject of a brute force cyber attack from external sources. This attack appears to be targeting parliamentary IT accounts in a similar way to that which affected the Westminster parliament in June. Symptoms of the attack include account lockouts or failed logins. The parliament’s robust cyber security measures identified this attack at an early stage and the additional security measures which we have in readiness for such situations have already been invoked. Our IT systems remain fully operational.”
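The symptoms named in the email, failed logins and account lockouts, are exactly what a monitoring system watches for. The following is an added example, not code from the Parliament or from the BBC report: it runs a simple brute-force detector over constructed authentication log lines, flagging a source that racks up many failures or walks through many different accounts in a short window (the log format, thresholds and addresses are all assumed).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log lines (not from any real system).
SAMPLE_LOG = """\
2017-08-15T09:00:01Z auth FAILED user=alice src=203.0.113.10
2017-08-15T09:00:02Z auth FAILED user=bob src=203.0.113.10
2017-08-15T09:00:03Z auth FAILED user=carol src=203.0.113.10
2017-08-15T09:00:04Z auth FAILED user=dave src=203.0.113.10
2017-08-15T09:00:05Z auth FAILED user=erin src=203.0.113.10
2017-08-15T09:00:06Z auth FAILED user=frank src=203.0.113.10
2017-08-15T09:00:40Z auth FAILED user=alice src=198.51.100.5
2017-08-15T09:01:10Z auth OK user=alice src=198.51.100.5
2017-08-15T09:05:00Z auth FAILED user=bob src=192.0.2.9
2017-08-15T09:20:00Z auth FAILED user=bob src=192.0.2.9
"""

# Assumed log format: "<timestamp> auth <FAILED|OK> user=<name> src=<address>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAILED|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def parse(log):
    """Yield (timestamp, result, user, source) for every well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["result"], m["user"], m["src"]

def find_brute_force(log, window=timedelta(minutes=5), max_failures=5, max_accounts=3):
    """Return sources whose FAILED logins within `window` exceed either threshold:
    too many failures in total, or too many distinct accounts tried from one source.
    A legitimate user mistyping a password once or twice stays below both."""
    failures = defaultdict(list)  # src -> [(ts, user), ...] for failed attempts only
    for ts, result, user, src in parse(log):
        if result == "FAILED":
            failures[src].append((ts, user))
    alerts = {}
    for src, attempts in failures.items():
        attempts.sort()
        for i, (start, _) in enumerate(attempts):  # slide the window over each start
            in_window = [u for t, u in attempts[i:] if t - start <= window]
            if len(in_window) > max_failures or len(set(in_window)) > max_accounts:
                alerts[src] = {"failures": len(in_window), "accounts": len(set(in_window))}
                break
    return alerts
```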

News & Sports Websites Vulnerable to Attack

News and sports websites have some of the lowest levels of security adoption, a study has suggested. A team of cyber-security experts looked at the security protocols used by the top 500 sites in various industries and online sectors. They found that fewer than 10% of news and sports websites used basic security protocols such as HTTPS and TLS.

Even those that do are not always using the “latest or strongest protocols”, one of the study’s authors said.

“As time goes by, all encryption gets weaker because people find ways around it,” Prof Alan Woodward, a cyber-security expert at the University of Surrey, told the BBC. “We tested the University of Surrey’s website using a site called Security Headers a couple of weeks ago and it got an A,” he explained, “but it’s only a C now.”

The research, published in the Journal of Cyber Security Technology, shows that some sectors seem much more security-conscious than others. The websites of computer and technology companies and financial organisations showed a much higher level of adoption than shopping and gaming sites, for example.

“In the financial sector, almost every one of the sites we looked at had encrypted links”, Prof Woodward said, “but even in retail the adoption of the very latest standards is low.”

A quarter of the shopping sites studied were using Transport Layer Security (TLS), which offers tools including digital certificates, remote passwords, and a choice of ciphers to encrypt traffic between a website and its visitors. But among news and sport websites fewer than 8% were found to be using the protocol. Among those that did, many failed to make use of some of the strongest tools available, such as HSTS (HTTP Strict Transport Security), which tells browsers to use only the encrypted version of a website, so that users who request the unsecured version are sent to the encrypted one instead.
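As an added illustration, not code from the study or the BBC article, this Python snippet parses the Strict-Transport-Security header and models how a browser remembers it and rewrites later http:// requests to https://, which is the behaviour described above; the hostnames and header values are constructed.

```python
import time
from urllib.parse import urlsplit, urlunsplit
# Constructed response headers for three imaginary hosts (not captured from real sites).
SAMPLE_HEADERS = {
    "news.example": {"Content-Type": "text/html"},  # no HSTS header at all
    "bank.example": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
    "shop.example": {"Strict-Transport-Security": "max-age=0"},  # asks browsers to forget the policy
}

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains), or None."""
    if value is None:
        return None
    max_age, subs = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        arg = arg.strip().strip('"')
        if name.lower() == "max-age" and arg.isdigit():
            max_age = int(arg)
        elif name.lower() == "includesubdomains":
            subs = True
    return None if max_age is None else (max_age, subs)

class HstsCache:
    """Minimal model of a browser's HSTS store and its http:// -> https:// rewrite."""
    def __init__(self, now=time.time):
        self.now = now
        self.hosts = {}  # host -> (expiry timestamp, include_subdomains)
    def observe(self, host, headers):
        """Record the policy a host sent over HTTPS; max-age=0 removes it."""
        policy = parse_hsts(headers.get("Strict-Transport-Security"))
        if policy is None:
            return
        max_age, subs = policy
        if max_age == 0:
            self.hosts.pop(host, None)
        else:
            self.hosts[host] = (self.now() + max_age, subs)
    def upgrade(self, url):
        """Return the https:// form of a plain http:// URL covered by a live policy."""
        parts = urlsplit(url)
        if parts.scheme != "http":
            return url
        labels = (parts.hostname or "").split(".")
        for i in range(len(labels)):  # exact host first, then each parent domain
            entry = self.hosts.get(".".join(labels[i:]))
            if entry and entry[0] > self.now() and (i == 0 or entry[1]):
                return urlunsplit(("https",) + tuple(parts[1:]))
        return url
```

A site that never sends the header, like the constructed news.example, never enters the store, so its visitors' plain http:// requests are never upgraded.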

“It’s like news and sport content providers don’t value the security of their content,” Prof Woodward said. “They’re leaving themselves vulnerable to attacks like cross-site scripting, where an attacker can pretend something’s come from a website when it hasn’t.”

But Prof Woodward warned against putting too much faith in sites that appear to have the most up-to-date and comprehensive security protocols in place.

“People assume that because they’re using TLS they’re having a secure conversation, but there’s no guarantee about who they’re having that secure conversation with,” he explained. “Some of those spoof sites are using more up-to-date security than the genuine sites. You’ve got to click on that padlock and check who it is you’re talking to.”

Cyber Attack may have North Korea Link

The BBC news website is reporting that the WannaCry ransomware cyber-attack may have a North Korea link. You may not have heard of the Lazarus Group, but you may be aware of its work. The devastating hack on Sony Pictures in 2014, and another on a Bangladeshi bank in 2016, have both been attributed to the highly sophisticated group.

It is widely believed that the Lazarus Group worked out of China, but on behalf of the North Koreans.

Security experts are now cautiously linking the Lazarus Group to this latest attack after a discovery by Google security researcher Neel Mehta. He found similarities between code found within WannaCry – the software used in the hack – and other tools believed to have been created by the Lazarus Group in the past. To read the complete posting, visit this BBC News page.

Nearly Half of Firms had a Cyber Attack or Breach

Nearly half (46%) of British businesses discovered at least one cyber security breach or attack in the past year, a government survey has indicated. That proportion rose to two-thirds among medium and large companies.

Most often, these breaches involved fraudulent emails being sent to staff or security issues relating to viruses, spyware or malware.

The survey was completed by 1,500 UK businesses and included 30 in-depth interviews.

The government said a “sizeable proportion” of the businesses still did not have “basic protections” in place.

While many had enacted rudimentary technical controls, only one-third had a formal policy covering cyber security risks.

Fewer than a third (29%) had assigned a specific board member to be responsible for cyber security.

China’s Lenovo Becomes Victim of Cyber Attack

Chinese computer maker Lenovo has become the victim of a cyber-attack following a warning by the US government about software called Superfish. The Superfish adware program – which offered shopping tips – was shipped on some of the company’s notebook devices.

A hacking group called Lizard Squad claimed responsibility for the Wednesday attack via Twitter. The group has taken credit for several other attacks, including one on Sony.

“One effect of this attack was to redirect traffic from the Lenovo website,” Lenovo said in a statement. “We are also actively investigating other aspects. We are responding and have already restored certain functionality to our public-facing website.”

The firm also said it was “actively reviewing” its network security and would take steps “to protect the integrity of our users’ information and experience”.

Last week, the computer-making giant said it was offering customers a tool to help them remove the pre-installed software after experts warned that it was a security risk. The firm then said it had disabled the software because of customer complaints.

In a later statement, however, the company said it was aware of security risks about the software and was focused on fixing it.

Superfish was designed to help users find products by visually analysing images on the web to find the cheapest ones.