Foreign Office target of ‘serious cyber incident’

And we can expect more attacks on government agencies, warns cyber industry

Posted 10 February 2022 by Christine Horton

The UK’s Foreign, Commonwealth and Development Office (FCDO) has been the target of a “serious cyber-security incident”.

First reported by The Stack, the details of the attack came via a tender document published on a government website, seemingly by mistake. It revealed that cybersecurity firm and FCDO’s long-term service management integrator, BAE Systems Applied Intelligence, was called on for “urgent support”.

It is reported that unidentified hackers got inside the FCDO systems but were detected. A spokesperson for the FCDO told the BBC that it doesn’t comment on security but it has “systems in place to detect and defend against potential cyber incidents”.

It is not believed that any classified or highly sensitive material was breached. It is also not clear when the incident took place, but the contract finished on 12 January of this year.

The contract was valued at £467,325.

Turmoil of a breach

The cyber industry has weighed in on the attack, pointing to more attacks on governments and institutions on the horizon.

Adam Seamons, systems and security engineer at GRC International Group, said that criminals rarely tackle government or military groups without serious backing, and that the attack pointed to support by a nation state.

“Even if sensitive data wasn’t compromised, the turmoil of a breach and the embarrassment caused is often enough to warrant this sort of incident as a win for the attacker,” he said. “With the current geopolitical climate heating up (Ukraine, Hong Kong, Taiwan, etc) we’d expect to see more attacks on governments and institutions. It speaks volumes to the current state of national cybersecurity that contractors were brought in to help deal with this, not to mention the fact that details of the incident have accidentally been leaked.”

Chris Vaughan, area VP of technical account management for EMEA at Tanium, said the attack highlighted the importance of employee education.

“It’s vital to be aware of the simple steps that can be put in place by any company or government department that experiences a data breach to help prevent it happening again,” he said. “This includes ensuring a complete view and knowledge of company endpoint devices and securing cloud networks to block unauthorised access to customer and citizen data. This will help them identify any weaknesses that could increase the likelihood of a cyberattack being successful, such as unpatched devices or users adopting risky behaviours.

“Another measure that will help negate these attacks is a thorough cybersecurity training programme for staff. This may seem obvious, but many security breaches start with a user clicking on a malicious link – often in a phishing email.

“With such sensitive data being stored, it is an essential requirement for organisations to follow these steps, to have greater visibility and control over their data and minimise the likelihood of breaches occurring again.”

Government agencies need to act

Elsewhere, Matt Aldridge, principal solutions consultant at Carbonite + Webroot, also said the attack is an indication that cyberattacks are becoming increasingly targeted at government critical infrastructure.

He said it is “imperative for government agencies to boost their security strategies to ensure sensitive, valuable data remains safe and protected. To limit the impact of these attacks, national institutions that hold private information should ensure they have clearly defined security policies and procedures to avoid any leak of information. This starts with employee education, which underscores all effective cyber resilience and data protection strategies.”

Aldridge said the fact that the Foreign Office were aware that there was unauthorised malicious activity going on inside their environment “is reassuring, showing that detection systems and processes are doing their intended job. Equally, that they were able to extend their agreement with their cybersecurity services partner as an urgent response shows the value of incident response planning and of building the right services network to support your organisation’s security.”