Computer #hackers managed to #hack into #Dundee council #IT system three times

Figures obtained by the Tele revealed the local authority’s systems were hit by malicious software in May and June 2015 and in September 2016.

All three attacks took the form of “ransomware”, which encrypts computer files and demands a financial payment in order to retrieve the files affected.

The attacks were carried out by email – sent as either a link or a malicious attachment.

The council said that its intrusion detection and prevention systems were under “constant attack” as often as hundreds or thousands of times every day but declined to comment on how the successful attacks had affected its systems.

The local authority has spent almost £500,000 to bolster security measures in the last five years, including £107,000 so far in 2017/18.

Such software is often bought on a multi-year licence and is required to cover the hundreds of computers the council uses on a day-to-day basis.

Dr Natalie Coull, head of Abertay University’s cyber security division, said attacks on computer systems were becoming increasingly common.

She said: “The motivation for cyber crime is similar to traditional crime in that it can be carried out for any number of reasons.

“However, many of the most commonly used ransomware, malware and phishing attacks are directly designed with securing a payment from the victim in mind, or stealing their data.

“No longer can any organisation or company expect complete protection and, at present, it seems we may never get to a point where a system can be declared 100% secure.”

A council spokeswoman declined to comment on whether any personal details had been stolen or if any cash had been handed over to cyber-extortionists, saying only that the authority “fully recognised” the importance of being secure.

She said: “In the immediate aftermath of the global WannaCry attack, the council responded by reviewing and enhancing its security measures in an effort to minimise its exposure to the risk.

“As part of a range of preventative and protective actions, council staff were briefed electronically about current malware threat levels and the need to adopt secure practice.”