East Sussex council continues to battle 'sustained' cyber-attack
Services have been affected since the middle of June
Wealden District Council continues to face a ‘sustained’ cyber-attack, councillors have heard.
It was discovered on June 14th that hackers were making a concerted effort to login to the council’s email system, with around 3,000 such attempts by the end of that first day alone.
While the numbers of attempts to breach the system have now fallen, the council says it is still seeing more attempts than it usually would.
None of these attempts have been successful, however.
The latest position was discussed by the council’s audit and standards committee on Wednesday (July 28th), where councillors found out more from the council’s head of digital services David Plank.
Cllr David White (Ind, Hellingly) said:
“Do we know the purpose of these attacks? Is it a ransom attack where they are simply trying to extract money from the council, threatening to crash our system if we don’t pay up?
“Or are these seeking to obtain information from our databases of customer information. Bank accounts etc.
“If it is a ransom attack, do we have an effective alternative plan in place should a ransom attack succeed? In other words, do we have a recovery situation in place?”
In responding to Cllr White’s question, Mr Plank said the council had measures in place to react to a ransomware attack similar to that seen against Redcar and Cleveland Council in February last year.
That attack left its target without online services for several weeks and was estimated to cost somewhere in the region of £8.4m.
However, Mr Plank went on to say the purpose of the attack against Wealden was not clear and the hackers may just be seeking to cause disruption for its own sake.
He said:
“They could be both ransomware and also any other further disruption hackers want to cause. They don’t often have too much purpose.
“In terms of ransomware. Yes, we have been doing lots of work throughout the local government network, particularly after events like Redcar and Cleveland, whom we’ve learnt lots of lessons from.
“In our business continuity plans we do look at ransomware. We do look at the threat of that and how we can avoid that at all costs and of course reduce the scope.
“Often you will find that the way hackers infiltrate our organisation is through spurious links which are sent via emails. So, in terms of being vigilant that is what we are strongly encouraging.”
After the attack began, the council introduced ‘Multi-Factor Authentication’ for accounts logging into its system. It has also been working with the National Cyber Security Centre (NCSC) for advice and monitoring.
Cllr Neil Waller (Con, Crowborough North) asked whether any other new ‘business-as-usual’ procedures had been put in place
Mr Plank said: “I would probably argue we have become a lot more vigilant, not that we weren’t before, but obviously it puts it fresh in the mind.
“We haven’t changed significantly in terms of our processes because this has proved we had robust processes in place, but of course that doesn’t mean to say we can’t learn, because we are learning every day as the digital world is so complex and fast moving as well.”