Parliament targeted by 24-hour brute-force attack

You may remember that in late March, not only Channel Nine but also Federal Parliament made headlines after being targeted by significant cyber attacks.

While there was ample coverage and information available regarding Channel Nine, we’re only now receiving further information regarding the attack against the Department of Parliamentary Services (DPS).

Over a 24-hour period, the federal parliament network was targeted by a brute-force attack, an attack method that aims to guess or ‘crack’ passwords and login information through sheer volume of attempts.

Senator Scott Ryan reported that while the brute force attempt was not successful, it did lead to a significant disruption of service as many user accounts were locked down between March 27th and April 5th.

Thankfully, the attack was contained and mitigated before systems and data could actually be compromised. However, this isn’t the first time that Parliamentary services have been disrupted as a result of cybercrime.

2019 saw a malware injection – reportedly launched by state actors – against Parliamentary systems, which also led to services being shut down while required security measures were carried out.

And only recently, yet another suspected state-actor cyber attack was launched on Western Australia’s Parliament, notably during a state election.

While there is a world of difference between government cybersecurity and business cybersecurity, there’s also plenty of common-ground learning that can be taken away from this recurrent slew of attacks:

  • Lock down your devices: After an attack or suspicious activity has been identified, it is important to restrict access on impacted or neighboring systems. This way, any malicious attackers can be locked out, and any damage can be contained pending further investigation.
  • Enforce your password policy: While there hasn’t been clarification on whether Parliament’s login interfaces were manually or automatically locked, it’s crucial that your password and login systems are configured to automatically lock after too many failed attempts. Furthermore, make sure your passwords meet a minimum strength requirement of:
    • At least 8 characters in length
    • A mixture of upper and lower-case letters
    • A mixture of numeric, alphabetical and special characters
  • Keep your software up to date: The recent WA attack involved attempted exploitation of Microsoft Exchange vulnerabilities, and foreign governments have fallen victim to similar Microsoft-related attacks. It’s crucial to stay up to date on known vulnerabilities and updates for your organization’s software and ensure you have a prompt update policy in place.
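
To make the password-policy point concrete, here is a small sketch of both halves: the minimum strength rules listed above and an automatic lock after too many failed logins. It is an added example, not code from Parliament or any vendor; the thresholds (5 failures in 15 minutes, a 15-minute lock) and all names are assumptions chosen for illustration.

```python
import re

MIN_LENGTH = 8  # minimum length from the policy listed above


def policy_failures(password):
    """Return the rules from the article's minimum policy that the password misses."""
    checks = [
        (len(password) >= MIN_LENGTH, "at least 8 characters"),
        (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password),
         "upper and lower-case letters"),
        (re.search(r"\d", password), "a numeric character"),
        (re.search(r"[^A-Za-z0-9]", password), "a special character"),
    ]
    return [rule for ok, rule in checks if not ok]


class LockoutTracker:
    """Lock an account automatically after too many recent failed logins.

    Thresholds are illustrative assumptions. The lock is time-boxed, so an
    account becomes usable again without an administrator stepping in.
    """

    def __init__(self, max_failures=5, window=900, lock_seconds=900):
        self.max_failures = max_failures
        self.window = window              # seconds over which failures are counted
        self.lock_seconds = lock_seconds  # how long a triggered lock lasts
        self._failures = {}               # user -> timestamps of recent failures
        self._locked_until = {}           # user -> time at which the lock expires

    def is_locked(self, user, now):
        return now < self._locked_until.get(user, 0)

    def record_failure(self, user, now):
        """Record one failed login; return True if the account is now locked."""
        if self.is_locked(user, now):
            return True
        # Keep only failures that are still inside the counting window.
        recent = [t for t in self._failures.get(user, []) if now - t < self.window]
        recent.append(now)
        if len(recent) >= self.max_failures:
            self._locked_until[user] = now + self.lock_seconds
            recent = []
        self._failures[user] = recent
        return self.is_locked(user, now)

    def record_success(self, user):
        """A successful login clears the failure history for that user."""
        self._failures.pop(user, None)
```

Timestamps are passed in as plain seconds so the behaviour can be checked without waiting on a real clock; in a login handler you would pass the current time.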

Not sure about the next steps to take for your cybersecurity? Visit cyberaware.com for key safety tips and takeaways. 
