Gloucester City Council was attacked by Russian hackers after an innocent-looking email turned out to be something much more sinister.
On December 20, 2021, having expected to receive a message from a supplier, the workers were fooled as the email contained a “dangerous payload” which slithered past their defence systems and infected the network.
The “very sophisticated” cyber attack, thought to have been executed by a now-disbanded group of Russian cybercriminals, had a significant impact on council services in the city, reports GloucestershireLive.
Due to the disruption, benefits payments, planning applications and house sales were delayed, while councillors were rendered unable to email outside organisations.
Speaking on the incident, Managing Director Jon McGinty revealed that the ransomware infected the council’s system after one of his officers opened an email they were expecting from a supply chain company.
To everyone’s dismay, malware infested the computer system, allowing the Russians to spend a month “skulking around” the council’s IT systems before pulling the trigger on their attack in December.
Mr McGinty said: “It was a very sophisticated cyber attack. The method used is what’s known in the trade as spear phishing.
“It’s different to normal phishing, which is just random emails saying please click here or send me some money, or that sort of thing. It’s an unexpected email from someone you didn’t expect it from. We do a lot of training around that with our staff and councillors to make sure they don’t open those emails.
“But spear phishing is a targeted interception of a communication. What happened, in this case, was a supply chain company had their systems hacked. They were in communication with one of my officers over a case.”
He continued: “Partway through that communication, they sent a dangerous email from someone we were expecting to get an email from. Someone we’d asked them to send us an email, they intercepted that, and they sent an email.
“They were pretending to be the person we were expecting to get the email from, and the email contained a dangerous payload that infected our network and got through our defences. What they did with this company and what they did with us was once they breached the defences, they spent some time skulking around our systems, learning our systems and devising a form of attack.
“A month or so later, they launched an attack. So we believe they penetrated our systems a month before the December attack.
“Spear phishing is a very dangerous form of attack. You are basically being targeted by someone who appears to be the person you are waiting to hear from.”
In a bid to ensure they were protected from things like this, the council paid millions to fend off invaders. Alas, it wasn’t enough to deter this group of crafty hackers. Subsequently, they’re now having to pay a fortune to ensure this doesn’t happen again.
McGinty continued: “We put more protections in place to make us more resilient. We spent millions of pounds before the incident making our systems secure.
“We hadn’t just spent it on firewalls and things like that but we subscribe to the regional emergency response alerts that the National Cyber Security Centre network creates. We undertake voluntary penetration testing of our systems to see if hackers could find a way through.
“We do mystery shopper exercises with our staff and try to send them random phishing emails to see if they click on it. We do extra training for those who do click on it.”