Please fill in the form below to subscribe to our blog

Categories

Tags

Australia BullPhishID BullPhish ID Canada commercial credential stuffing cyberattack cybercrime cybersecurity Dark Web dark web credential loss Dark Web ID dark web monitoring dark web threat Data Breach Data Breach Alerts data compromised data loss prevention data theft France hacking healthcare insider threats Japan MSPs MSP Solutions MSP Space nation-state hackers Passly passwords phishing phishing resistance phishing resistance training ransomware remote working retail security security awareness training SMB cybersecurity stolen credentials supply chain risk The Week in Breach third party risk United Kingdom United States

The Important Lesson Learned from the U.K. Parliament Cyberattack

July 20, 2017

The Parliament’s computer network was recently targeted by a brute force attack. Weak password requirements allowed hackers to gain access to 90 of parliaments 650 member’s email accounts. Although IT staff or 3rd party cyber firms can implement strong cyber-security regulations, the members of the House of Commons, or employees at any company are typically the source of a breach. Without knowing it, Members of the Parliament created threats for themselves, that went undetected until it was too late. In order to minimize the damage or the attempt of blackmail, officials temporarily locked members out of their email accounts.

Henry Smith, from the Parliament, tweeted “Sorry, no parliamentary email access today – we’re under cyber-attack from Kim Jong-un, Putin or a kid in his mom’s basement or something.” The immediate consensus was that the hacking was state sponsored. Russia and North Korea have sponsored attacks previously, so the notion wouldn’t be too far off.

In the midst of all this, weak password criteria were the root of the breach. Implementing password criteria that push beyond using one capital letter (which will typically be the first letter) and using one special character (which will usually be an exclamation point), will minimize the risk of exposing a network. Two-factor authentication, and monitoring the dark web are also important steps to govern credential loss, especially in a proactive state.

An official cautioned that “cyber threats to the UK come from criminals, terrorists, hacktivists as well as nation states.”  When hacked, credentials end up on the dark web. What happens from there is unknown, especially if people are unaware that they have now been targeted. In this case, the members were notified quickly. If this happened to your business, how soon would you know your credentials were for sale on the dark web? Or would you?

Have any suggestions or ideas on how to strengthen your password? Tweet us @ID_Agent