The Scottish public sector fell victim to a large scale targeted attack. After a large breach, tens of thousands of email accounts belonging to the public sector got leaked on the dark-net.
According to a report, over 40,000 records got breached and leaked online. Accounts have been shared across different hacking forums and are even sold on illicit markets. Cybersecurity experts are now worried of a potentially disastrous attack on public services.
Investigators noted the reality of dark-web platform being used as dumping sites for stolen data. It is typical for stolen data to be sold or just shuffled around on the dark-net. Threat actors work together to find ways to squeeze money from the data collected.
Kela. an Israeli dark-web threat analysis firm is credited with discovering the large dump. After the firm discovered large dumps of data belonging to the Scottish public sector they made an announcement. They noted that the data discovered contains sensitive information that was also traced to other attacks.
Futurescot published an article that confirmed Kela's findings. It was reassured that the data was stolen from multiple data breaches. 24 of the leaked email accounts had been shared more than 100 times in numerous different cyber events.
Scottish Public Sector
After searching around the dark-net, it was concluded that the Scottish public sector was affected. After looking closely, it is obvious that more than 50 Scottish public sector entities got affected. Among the affected organizations is the National Health Service (NHS). Local councils and the central government were also affected.
The purpose of this search was to find out who really got affected within organizations. Experts wanted to find out if service users and workers got sensitive information leaked on the dark-net.
The investigators believed that most of the affected organizations were already aware of the leaked data. They also thought that the proper precautions were taken to protect people after the breach. This assumption came as the Scottish public sector employees its own dark-net monitoring service.
A slap on the wrist
A survey conducted by the Scottish Business Resilience Center made some disturbing findings. The study found that 4 out of 10 Scottish businesses are not prepared for any cyber-attacks. This study came as a surprise. This is because two thirds of all Scottish businesses acknowledge the potential impact of such attacks.
The latest data breach is considered a wake up call by many. These attacks came in the wake of a large scale ransomware attacks. One example is the recent ransom that caused a large mayhem across the UK public sector. These attack should serve as a wake up call to all public sectors around the world.
Recently, Scotland's Environmental Protection Agency had to suffer from cyber-attacks. The agency had to spend over £800,000 in response to major cyber-attacks that involved more than 4,000 stolen files. This is considered a high profile attack and was conducted by the Conti hacker group. The attack locked over 1,200 staff members outside of the watchdog's network.
A BBC report revealed that these files were later on leaked after the agency declined to pay. The documents leaked online include contracts, strategy documents, databases and more.
The extent of the damage, revealed by media was rather dramatic. All these events have led to SEPA suffering a massive financial loss. One example is the £458,000 that was spent to fix the organizations IT platform.
The latest cyber-attacks on government infrastructure indicate the importance of good security. With the growing value of data, and the existence dark-net, cyber-crime is skyrocketing faster than ever. It is not uncommon for most people to fall victims to such a breach at-least once in their life. A standard for cybersecurity needs to be established to ensure that everyone's data can remain secure.