A coordinated cyberattack that targeted the email accounts of politicians crippled Britain’s parliamentary network on Saturday.

The attack, which is said to have resulted in the compromise of 90 email accounts on the network, resulted in officials deciding to disable remote access to the emails of members of Parliament, peers and their staff as a safeguard against those behind the attacks. While not officially confirmed as yet, some reports are claiming that the hacking efforts were state-sponsored.

A spokeman for the parliamentary network told the BBC that the email accounts were compromised thanks to “weak passwords” that did not conform to guidance from the Parliamentary Digital Service: “As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are under way.”

The attack came only a day after reports in the British press that sensitive data including passwords and email addresses of cabinet ministers, ambassadors. civil servants and police chiefs were being sold online by Russian hackers for as little as £2 ($2.55) each. First discovered by The Times, the lists are claimed to reveal log-in details of 1,000 British MPs and parliamentary staff, 7,000 police workers and more than 1,000 Foreign Office officials.

Proving that good password practice was lacking, the most common passwords associated with police email addresses were “police,” “police1” and “password.”

“The cyberattack on Parliamentary systems appears to be yet another example of a sustained and determined attack by cybercriminals who are constantly improving in their targeting and execution,” Greg Sim, chief executive officer of security firm Glasswall Solutions Ltd. told SiliconANGLE. “Coupled with a slow uptake of innovation by large organizations, especially those in the public sector, hackers are now finding it all too easy to slide through the backdoor of highly critical networks.”

The actor vector for the cyberattack has not been officially disclosed, but Sim said it’s likely another case of phishing or spear phishing.

“We’ve increasingly found that the most common method criminals now use is tricking their targets – often employees of organizations – into opening email attachments that contain malicious code hidden either in the content or the structure of common file types,” Sim added. “Antivirus and similar defenses are no longer a viable defense against these attacks and cannot be depended on, since they only search for known threats – not the new threats and zero-day attacks being devised by sophisticated cybercriminals on a daily basis.”

Photo: Public Domain Pictures