Parliament hack: Comment from ZoneFox
June 2017 by Dr. Jamie Graves, CEO, ZoneFox
The comment from Dr. Jamie Graves, CEO, ZoneFox :
"This initial attack may have only affected under 1% of parliamentary emails, but getting into one is enough. And email access could then open up a treasure trove of information that would allow attackers deeper into the network. It really calls into question the security practices of government if in 2017 we are still being compromised by the basics, such as weak passwords; this is infosec 101.
"It’s good that NCSC managed to shut down the accounts before they could be fully taken advantage of, but questions have to be asked about the veracity of account security with such sensitive data involved. If indeed, as sources are initially indicating, the attack did stem from Russia, then we can expect that this isn’t going to be the last one we see. This time it was a ‘brute force’ attack against weak passwords - next time it could be something far more sophisticated. Therefore, the security policies of government need to be watertight, and the transfer of data in and out of the network carefully monitored with a 360-degree view for context and irregularities."