21 million: That's how many cyber attacks Blackpool Council fought off in one year

More than 21m cyber attacks have targeted Blackpool Council’s website in just 12 months.

Tuesday, 22nd January 2019, 9:35 pm
Updated Tuesday, 22nd January 2019, 10:43 pm
Blackpool Council has been subjected to 21 million cyber attacks

Shocking figures reveal a total of 21,164,974 attempts to breach IT systems were blocked.

And experts warn the threat from around the world is growing as hackers use increasingly sophisticated techniques to target public organisations to disrupt services or steal personal data.

Blackpool Council’s audit committee heard a distributed denial of service (DDoS) attack last September disrupted council networks for half a day.

Sign up to our daily newsletter

The i newsletter cut through the noise

Blackpool Council has been subjected to 21 million cyber attacks

Tony Doyle, the council’s head of IT, said: “There is no doubt the cyber threat is growing and in spite of continuing investment and commitment of time and resources, the threats will continue to challenge the council in the future.

“We had some technology in place that we were able to use to reduce the impact and we learnt some valuable lessons from that.”

He said all staff and councillors were being trained to recognise rogue emails and the council did currently have a good rating for its cyber security.

But Mr Doyle warned attacks were “coming from across the globe” as well as “thousands of malicious emails that attempt to infect or steal data from the council’s network.

He added: “The service has seen increasing evidence of cleverly crafted and personally profiled spear ‘phishing’ emails that even the most savvy end user would be tempted to click on.”

So-called ‘phishing’ scams lure unsuspecting victims to give out personal data – such as passwords –by tricking them into thinking they are using a legitimate site.

Cyber criminals are using increasingly sophisticated techniques such as machine learning and encryption.

Mr Doyle added: “It is essential we continue to invest and develop the council’s cyber defence capabilities to provide adequate assurance in this area.”

An updated security policy was launched in December along with mandatory cyber skills training for all staff which must be completed by the end of January.

An internal phishing test found less than one per cent of council workers were fooled into clicking onto a mock scam email.

If a cyber attack led to a data protection breach, the council could be fined up to four per cent of its turnover, or €20m (around £17.6m).

Dr Max Eiza, a computing lecturer at UCLAN’s School of Physical Sciences and Computing, said: “Of course, hackers are getting more sophisticated and smarter about the way they carry out their attacks.

“For instance, phishing emails, which is one of the most popular ways to spread malware and hack into systems, are getting more convincing and persuasive for the receivers to respond or click on an attachment.

“Moreover, the same technology that can be used to benefit people, such as artificial intelligence and machine learning, is also used by hackers to gain more knowledge and insights about their targets.

“The more they know about their targets, the easier it gets to mount a successful attack.

“Simply speaking, hackers assume that council websites are easy targets because it might not be protected or developed with security in mind.

“Given the fact that council websites offer a wide range of services such as social care, council tax, waste collection, et cetera, they maintain a large amount of personal data that can be very useful for hackers - including names, addresses, usernames, passwords.

“Furthermore, council websites offer online payments to many services such as council tax. This payment information is very valuable to hackers.”

Dr Max Eiza, a computing lecturer at UCLAN’s School of Physical Sciences and Computing,

Blackpool Town Hall

Half of all crime now online

Cyber crime is increasing in Lancashire, police said.Around 50 per cent of all crimes in the county are believed to involve online technology.A Lancashire Police spokesman said: “Cyber crime is an increasing issue in Lancashire as it is across the country.“We want to raise awareness on how to protect others on the internet and prevent them being a victim of cyber crime.“As much as half of all crime now has some element of online technology, whether card fraud, hacking businesses or stalking and harassment.“When money that is stolen online can vanish in seconds and prevention has to be our watchword. “We are committed to tackling this issue and give the people of Lancashire the best support possible.

How can you save yourself?

How can the average person protect themselves from cyber attacks on their home computers?Dr Eiza said: “The average person needs to watch for phishing emails and unusual requests to send their personal information such as names and passwords.“More importantly, they should not click on an attachment even if they receive that email from someone they know because that account might have been hacked.“Of course, the latest security updates to your device (PC, phone, or any other device) are very important. Having an anti-virus installed will be very helpful as well. A good strong password that is difficult to guess is your first line of defence.“Users are strongly advised to use different passwords for different accounts. If they use the same password for all their accounts, one hack will jeopardise all their accounts’ security.“Finally, people should provide the least amount of personal information online (only if it’s absolutely necessary) to protect themselves from any exposure to cyber attacks on websites.”

Cyber attacks and the NHS

An ‘unsophisticated’ cyber attack on the NHS nearly two years ago wreaked havoc at Blackpool Victoria Hospital as many patients were left stranded.The WannaCry virus rapidly spread through the NHS’ IT system in May 2017, bringing the service to its knees as computers were shut down in an effort to contain the malware, which threatened to delete information unless a ransom was paid.Health bosses at Blackpool Vic asked people to avoid A&E and the walk-in centre unless absolutely necessary.An investigation into the attack, which is believed to have affected 81 health trusts in England (a third of the 236 total, plus almost 600 GP surgeries), found that it was ‘relatively unsophisticated’.Despite this, almost 19,500 medical appointments, including 139 potential cancer referrals, were estimated to have been cancelled, as a result of the shut-down. There were 1,217 computers affected across the Fylde coast – 996 of which were at Blackpool Victoria Hospital.In February last year, bosses at the Blackpool Teaching Hospitals Trust said IT experts at the Vic had been involved in developing a new system to protect against cyber attacks.