Scottish Parliament Under Siege from Brute-Force Cyber Attack

This week, the Alert Logic team highlights Scottish Parliament Under Siege from Brute-Force Cyber Attack and a New Exploit Kit Emerges on Underground Forums. Read the full report to learn more and get access to the week’s Top Malicious IP addresses.

Breach

Scottish Parliament Under Siege from Brute-Force Cyber Attack

Hackers are trying to break into Scottish Parliament email accounts weeks after similar campaigns against Westminster.

According to reports, MSPs and Holyrood staff were warned that unidentified hackers were running "brute-force" attacks on systems in the devolved assembly. The Scottish Parliament said in a statement that there was no evidence to suggest that the attack had breached the assembly's IT defenses.

References: Scottish Parliament Hit by Cyber-Attack Similar to Westminster Assault | Cyberattack on Scottish Parliament 'Could Last Days', MSPs Warned | Scottish Parliament Being Subjected to Brute-Force Cyber Attack

Mitigation Strategies:

  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies.
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Web filtration to prevent users from clicking on malicious websites.
  • FIM solution would detect any type of file modification or addition.
  • Mail filtration would scan incoming files and hyperlinks for any malicious links or code.
  • Log management could detect any suspicious user account activity.

Malware

New Exploit Kit Emerges on Underground Forums

For just $80 per day, cyber criminals can subscribe to Disdain. That's the name of a new exploit kit that has appeared on at least one underground Russian cybercrime forum and is being advertised by a "threat actor" who uses the handle "Cehceny," according to an Israeli cybersecurity firm.

Cehceny claims Disdain will provide users with the ability to track the browser and IP of infected endpoints, geolocate victims, obscure attack payloads using RSA keys and automatically rotate attack domains, among other features.

References: New "Disdain" Exploit Kit Spotted on Underground Forums | The Disdain Exploit Kit Appears in the Threat Landscape | Hackers Can Buy the New 'Disdain' Exploit Kit for as Little as £60 on the Dark Web

Mitigation Strategies:

  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Log management could detect any suspicious user account activity.
  • Web filtration to prevent users from clicking on malicious websites.
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies.
  • FIM solution would detect any type of file modification or addition.
  • Secure your local browser.

This Week's Suspicious IP Addresses

24.41.255.142 64.85.198.227
96.234.33.32 195.154.183.111
200.114.207.57 103.207.37.102

*IP addresses provided by Recorded Future.