[ad_1]
The Storting has again been affected by a computer attack. The attack is linked to vulnerabilities in Microsoft Exchange, which affected several companies.
– The Storting has again suffered a serious cyber attack. We do not know the extent, but we do know that data has been extracted. The attack is related to exploits on Microsoft Exchange, says Storting President Tone Wilhemsen Trøen (H) at a press conference Wednesday afternoon.
– What we have been exposed to has affected many. We know that the threat image is constantly evolving. We were attacked this fall and we are being attacked again. This is bigger and more advanced than last year.
– The attack could disrupt parliamentary systems and is an attack on democracy, he continues.
The Storting claims that they have reported the case and that further investigation has been left to the police.
The Storting does not yet know the full scope of the attack. Various measures have been implemented in the systems and analysis work is ongoing. The Storting has received confirmation that data has been extracted, but does not yet know who is behind the attack.
also read
Storting strengthens security: lack of mandatory 2-step email verification
– It couldn’t be helped
According to the director of the Storting, Marianne Andreassen, the attack could not be prevented.
– Microsoft came out on March 2 and prescribed the attack. On March 3, the information became available. On Friday March 5, the Storting received a warning from the National Security Authority against our systems. The national security authority came the same day and said that Microsoft contains vulnerabilities that are exploited in Norway, Andreassen says.
He states that the Storting cannot go into details about what measures have been implemented, but says that “a password change was implemented for everyone.”
– We are still in an analysis phase, and we cannot rule out new measures that may affect representatives and employees, he says.
– The Storting could not prevent this attack.
They think they can work in the systems again.
– Is there data that could put pressure on people who have recovered? Can you elaborate?
– It is part of the analysis phase, about which we cannot say anything now. We can’t rule it out, says Andreassen.
When asked how the attack could disrupt parliamentary processes, the director says:
– It is quite obvious that an attack on the Storting and the theft of our computer systems would affect parliamentary systems. It is an attack on the main democratic and parliamentary activities. If one can no longer work on our systems, it would interfere with the way we are supposed to do our work.
– We are sure that now we can work on our systems.
– The data has been recovered
A press release sent out by the Storting earlier on Wednesday claims that the TI attack is part of an international problem.
The vulnerability exploited in this case is the so-called “zero-day vulnerability”. This means a vulnerability that the vendor was unaware of, but that threat actors can detect and exploit.
The National Security Authority (NSM) warned before the weekend that vulnerabilities in Microsoft Exchange are being actively exploited by advanced and non-advanced threat actors.
The National Security Authority informs E24 on Wednesday that they have scanned all of Norway and identified 1,500 servers that may be affected by the vulnerabilities.
– A quarter of these have not installed the updates, says Trond Øvstedal, information manager at NSM.
Øvstedalsier who cannot answer whether the Storting could have prevented the attack.
But despite installing the updates, the damage may have already occurred, according to NSM.
– Everyone with Microsoft Exchange servers should go back to the logs and see if they have been attacked before the installations.
Sent mail on Tuesday
The vulnerabilities were identified and reported on March 2, but all companies that had not taken advantage of the post update by the end of March 3 should assume they are under attack, authorities warned.
The parties in the Storting received a report on Friday, March 5, that the Storting had begun investigating the holes in the Microsoft Exchange.
On Tuesday this week, an email was sent about two-factor authentication and on Wednesday, the Storting sent a press release and email about the IT attack, based on the emails it has been given access to. to VG.
In this press release, the Storting writes that they were unable to prevent the attack and that at present it is not possible to see any connection between this attack and the IT attack that the Storting was exposed to. Fall 2020.
On September 1, news broke that several Storting members and employees had been exposed to theft on their email accounts. The victims sat on various committees and several were able to access sensitive information.
– We know that data has been extracted, but we do not yet have a full description of the situation. We have implemented comprehensive measures and we cannot rule out more being implemented. The work is carried out in collaboration with the security authorities. Currently, the situation is unclear and we do not know the full potential for damage, says Director Marianne Andreassen in the press release.
– Change Password
An email to Storting representatives states that the full scope of the attack is not yet known and that a number of measures have been implemented. Analysis work is in progress.
– All representatives and employees will now be notified to change their password. Along with many other security measures, this is important now, it is stated in the email describing the situation as “not resolved”.
It is not excluded that new measures may arise.