Cyberattack on environment watchdog pinned on organised crime group

Written by PublicTechnology staff on 29 October 2021 in News
News

Investigators praise Scottish regulator for openness

Credit: Adobe Stock

An international serious organised crime group was behind a cyberattack on the Scottish Environment Protection Agency late last year, Police Scotland has concluded.

The hack saw more than 4,000 digital files stolen from the regulator. An independent audit said the attack “displayed significant stealth and malicious sophistication”.

A second hacking attempt was also made in a bid to sabotage SEPA’s attempt to fix the problems caused by the first. The audit also found that while SEPA had “sophisticated defence and detection mechanisms”, two of its backups had been affected by the hack.

Chief executive Terry A’Hearn said: “The audits make it clear we were well protected but that no cybersecurity regime can be 100% secure. A number of learnings have been identified that will help SEPA further improve its cybersecurity. All have been accepted.”


Related content


The ransomware attack was detected at shortly after midnight on Christmas Eve last year.

Some of the stolen information was published online, including business and staff details.

The environment watchdog did not respond to the ransom request.

Detective inspector Michael McCullagh said: “Recent attacks against SEPA, the Irish Health Service and wider public, private and third sector organisations are a reminder of growing threat of international cybercrime and that no system can be 100% secure. They’re also a reminder of the growing importance of organisations being ready, resilient, and responsive. SEPA’s work in standing up to, and speaking openly about international serious and organised cybercrime, shows real leadership.”

 

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Police chiefs to launch online hub for forces’ use of tech, data and science
1 April 2022

NPCC website will allow officers to see what peers in other parts of the country are doing

‘A core part of national infrastructure’ – ministers consider regulating to make the cloud safer
27 May 2022

Consultation launched seeking feedback on risks and mitigations for systems that now underpin a wide range of ‘essential services’ 

Fraud challenges see HMRC and DWP named among ‘departments of concern’
27 May 2022

Public spending watchdog points to issues with controls on fraud and error

EXCL: Wall of silence surrounds plan for nationwide collection of citizens’ internet records
26 May 2022

Online notice reveals controversial trials are to be expanded into a national service – about which government, law enforcement, watchdogs and all the UK’s major ISPs declined to answer questions...