NCSC warns over ‘password spray’ attacks of council cloud services
Move to web-based software increases need for good password management, advises cybersecurity organisation
Credit: PA Images
The National Cyber Security Centre (NCSC) is seeing 'password spray' attacks against local authorities where automated attempts are made to access numerous accounts with common passwords, one of its senior officials told an audience of council IT executives.
Peter W, chief technical officer of NCSC Digital, said that the adoption of cloud computing services can boost security as software is updated and patched centrally by the supplier. But its use amplifies the need for good password management, given staff access systems online.
This means organisations should help staff to use strong passwords, rather than making arbitrary demands for ‘complexity’ such as insisting on the use of both letters and numbers. “You are forcing the user to fight that complexity,” said W, whose surname is not publicly disclosed by the organisation.
In April NCSC, a division of signals intelligence agency GCHQ, published a list of the top 100,000 passwords found through security breaches. Several of the most popular consist of a word followed by ‘1’, which would pass a rule insisting on letters and numbers but are insecure given they are so common. W pointed out that many cloud services have built-in security measures that can help tackle such attacks, but they may need activating.
NCSC provides Active Cyber Defence services to public-sector organisations which aim to track and resolve common issues actively, mitigate known large-scale problems and fix systemic vulnerabilities in core systems. W said that its Web Check service, which looks for simple misconfigurations in websites, is being used by 97% of local authorities. But he warned that the service should be set to cover all URLs used by organisations rather than just the main ones.
The organisation’s Protective Domain Name System, which blocks public-sector users from visiting websites hosting malicious material, is now used by 222 local authorities, just over half. In the week ending 9 June it handled 2.6bn queries a week, blocking 2.1m attempts to connect to 5,629 malicious domains.
Stressing that most cyberattacks aim to achieve financial gain rather than notoriety, as they are a safer way for criminals to operate than physical action, W said: “Robbing a bank is frankly dangerous. There are guns involved. Someone might get hurt.”
He was speaking at a conference run by digital leaders’ professional network Socitm in Birmingham on 19 June.
Replacement for Ciaran Martin announced
The invalidation of the EU-US data-protection agreement could have major ramifications for UK organisations’ legal responsibilities
Major review of police across England and Wales finds forces are ill-equipped to cope with the huge rise in recent years of cyber offences
Foreign affairs committee chair Tom Tugendhat says false claims and fake press releases were sent to friends and professional contacts
Locked down and forced to close clinics, the hospital trust enabled 2,000 employees to work from home and maintain continuity of services within 48 hours
University of Cambridge chose Citrix Workspace to deliver an efficient, sustainable desktop, and gained work-from-home continuity when Covid-19 struck