The email service at the Northern Ireland Parliament, Stormont, has been hit by a brute force attack that allowed unknown attackers to access the email accounts of several members, according to information security training researchers.
According to an internal email seen by the BBC, Members of the NI Parliament have been notified that the attack came from an external source trying to access assembly mailboxes with numerous password attempts.
The compromised accounts were disabled by Stormont’s IT department, and staff have been told to change their passwords and remain vigilant. The cyber attack is being investigated by the National Cyber Security Centre.
This attack came days after it was revealed that the APT15 hacking group, which is associated with Chinese intelligence, had allegedly hacked a UK government contractor and stolen military secrets from its computers.
“Staff should be updating their passwords with a stronger combination of letters, numbers and special characters following this attack. Every additional character in a password increases the number of possible combinations, making brute-force attacks on long passwords far harder for hackers to crack. But increasing the complexity of a password also makes it much harder for people to remember, hence why password123456 is still the most popular password today”, Eduard Meelhuysen, Head of EMEA at Bitglass, said in an email.
“Rather than advising users to create random strings of letters and words passwords, we should be recommending the use of passphrases. These will still be lengthy but made up of real words, so easier to remember. It might seem simple, but the truth is, if a password takes too long to crack, hackers will simply move onto the next batch”, added the information security training professional.
Now, if you are not acquainted with the term, a brute force attack takes place when attackers attempt to find a password or passwords using automated software that tries every possible combination of numbers, symbols, and letters. In some cases, attackers discover the correct combination, an information security training expert explains.
The best way to protect yourself from a brute force attack is to lock out accounts after a defined number of incorrect password attempts. This can be done using plugins or manually by the site administrator.
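The lockout rule described above can be sketched as follows. This is an added example, not code from the article or from Stormont's systems; the class name, thresholds, account names and sample events are all hypothetical and constructed for illustration.

```python
from collections import defaultdict, deque

class LockoutPolicy:
    """Lock an account after max_failures bad passwords within window seconds."""

    def __init__(self, max_failures=5, window=300, lock_for=900):
        self.max_failures = max_failures
        self.window = window              # sliding window, in seconds
        self.lock_for = lock_for          # lock duration, in seconds
        self._failures = defaultdict(deque)   # account -> recent failure times
        self._locked_until = {}               # account -> time the lock expires

    def is_locked(self, account, now):
        until = self._locked_until.get(account)
        if until is not None and now >= until:
            # Lock expired: clear it and start counting afresh.
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return until is not None

    def record(self, account, password_ok, now):
        """Return 'ok', 'failed', or 'locked' (attempt hit or triggered a lock)."""
        if self.is_locked(account, now):
            # Refuse even a correct password while the lock is active.
            return "locked"
        if password_ok:
            self._failures.pop(account, None)
            return "ok"
        recent = self._failures[account]
        recent.append(now)
        # Drop failures that have fallen out of the sliding window.
        while recent and now - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lock_for
            return "locked"
        return "failed"

def replay(events, policy):
    return [policy.record(acct, ok, t) for t, acct, ok in events]

# Constructed sample events: (time in seconds, account, password_ok)
SAMPLE_EVENTS = [
    (0, "member_a", False), (2, "member_a", False), (4, "member_a", False),
    (6, "member_a", True),     # correct guess, but the account is already locked
    (10, "member_b", False), (400, "member_b", False), (410, "member_b", True),
    (1000, "member_a", True),  # lock has expired, legitimate login works again
]
```

Locking on the account alone lets anyone lock a user out by deliberately guessing wrong, so deployments usually pair it with per-source rate limiting.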