Posted on November 7, 2020 at 11:53 AM
Malicious Email Attacks Spread Across European Weather Services
There have been reports of malicious email attacks on weather services across Europe for the past week. The attack has created challenges for staff and destabilized the operations of the affected weather services.
According to the reports, the European services affected include the Danish Meteorological Institute (DMI), Spain’s State Meteorological Agency, and the U.K.’s European Centre for Medium-Range Weather Forecasts (ECMWF).
The widespread attack resulted from the exposure of the computer of one member of the meteorological staff. The attackers infected the victim’s computer with malware and used a botnet to acquire the user’s mailbox, according to the report by the ECMWF.
After acquiring the user’s mailbox, the botnet sent messages to other members of the meteorological community using the victim’s mail account.
As a result, the email accounts of many international meteorological centers were affected by the malware as well.
However, the ECMWF said in its statement that although the attack has caused a lot of issues, it hasn’t affected or compromised the organization’s systems.
“Whilst this attack has created disruption… the attack has remained at email level and that our systems were not breached,” ECMWF stated.
The malicious emails have disrupted weather services
No one is sure what the main motive of the attacker was. So, it’s not clear whether they were simply trying to infiltrate the accounts of an individual and got lucky by picking someone with several connections with the meteorological community or whether the attackers deliberately targeted weather services.
In many countries, weather services are regarded as national infrastructure, so it could be that the attack on the services via an individual account was deliberate.
Whatever the goal of the attacker, it’s clear that malicious mail has caused a lot of trouble in international and national meteorological services.
The Met Office recently stated that it has heard from several of its staff who received malicious emails. According to their reports, they thought the mail came from trustworthy sources within the meteorological community.
Most of the affected weather service institutions are now trying to curb the effect of the attack on their systems. Some even shut down their systems for a few hours to stop the further spread of the malicious mail.
Measures in place to secure systems
A Met Office spokesperson revealed that the number of malicious emails received has been massively cut down within the past few days. The spokesperson also revealed that several measures are in place to make sure all the systems are safe.
These measures include offering good security tips and guidance to staff as well as blocking links and attachments in potentially malicious emails meant to disrupt the systems.
The spokesperson admitted that the new security measures have created some delays in the organization’s daily work, but said they are necessary to protect all systems and reduce the impact of any security threat.
Some legitimate emails are cut off
According to Ruth Mottram, a climate scientist at the DMI, the attack has led weather service organizations to be very cautious. As a result, it has caused some disruption, as some genuine emails are caught in spam filters.
Colleagues at other weather services are also reporting similar security measures, which have disrupted even legitimate mail.
They said the IT departments in those weather services are removing any email that comes with attachments in a bid to stop receiving emails containing the malicious files. The attacks have put some pressure on the email systems, but all the security measures are short-term necessities to reduce or completely stop the malicious emails.
According to Mike Beck of the U.K. cybersecurity firm Darktrace, the collaborative and open nature of meteorological groups makes them vulnerable to such malicious attacks.
He says this type of attack has occurred in academia before, since it is easier for attackers to spread their malicious mail in a community that interacts very well.