NCSC warns over ‘password spray’ attacks of council cloud services
Move to web-based software increases need for good password management, advises cybersecurity organisation
Credit: PA Images
The National Cyber Security Centre (NCSC) is seeing 'password spray' attacks against local authorities where automated attempts are made to access numerous accounts with common passwords, one of its senior officials told an audience of council IT executives.
Peter W, chief technical officer of NCSC Digital, said that the adoption of cloud computing services can boost security as software is updated and patched centrally by the supplier. But its use amplifies the need for good password management, given staff access systems online.
This means organisations should help staff to use strong passwords, rather than making arbitrary demands for ‘complexity’ such as insisting on the use of both letters and numbers. “You are forcing the user to fight that complexity,” said W, whose surname is not publicly disclosed by the organisation.
In April NCSC, a division of signals intelligence agency GCHQ, published a list of the top 100,000 passwords found through security breaches. Several of the most popular consist of a word followed by ‘1’, which would pass a rule insisting on letters and numbers but are insecure given they are so common. W pointed out that many cloud services have built-in security measures that can help tackle such attacks, but they may need activating.
NCSC provides Active Cyber Defence services to public-sector organisations which aim to track and resolve common issues actively, mitigate known large-scale problems and fix systemic vulnerabilities in core systems. W said that its Web Check service, which looks for simple misconfigurations in websites, is being used by 97% of local authorities. But he warned that the service should be set to cover all URLs used by organisations rather than just the main ones.
The organisation’s Protective Domain Name System, which blocks public-sector users from visiting websites hosting malicious material, is now used by 222 local authorities, just over half. In the week ending 9 June it handled 2.6bn queries a week, blocking 2.1m attempts to connect to 5,629 malicious domains.
Stressing that most cyberattacks aim to achieve financial gain rather than notoriety, as they are a safer way for criminals to operate than physical action, W said: “Robbing a bank is frankly dangerous. There are guns involved. Someone might get hurt.”
He was speaking at a conference run by digital leaders’ professional network Socitm in Birmingham on 19 June.
Cabinet Office offers those affected a one-year subscription to a credit-checking service
Concerns expressed after leak of messages between Boris Johnson and vacuum magnate Dyson
Officials advised that hostile states use LinkedIn and other sites
Gary Aitkenhead is leaving Dstl
Higher Education institutions are some of the most consistently targeted organisations for cyberattacks. CrowdStrike explores the importance of the right cybersecurity measures.
There are many reasons to keep your Oracle workloads running on local servers. But there are even more reasons to move them to the cloud as part of a wider digital transition strategy. Six Degrees...
With the backdrop of the COVID-19 pandemic, every disaster now entails responding to at least two emergencies. Dataminr explains how organisations can best prepare.