Audit reports

Cyber gang made second attack on SEPA systems


The attack on SEPA was ‘malicious and sophisticated’

Cyber criminals made a second attempt to break into the computer systems at the Scottish Environment Protection Agency (SEPA), according to official audits on last year’s attack.

A Police Scotland investigation into the first incident concluded that an international serious organised crime group was most likely responsible for the extortion attempt detected at one minute past midnight on Christmas Eve. 

The Scottish Business Resilience Centre noted a “secondary and deliberate attempt to compromise SEPA systems as the team endeavoured to recover and restore back-ups”. 

SEPA did not respond to a ransom request left on its systems and was clear that it would not use public finance to pay serious and organised criminals. 

Recent London Business School research concluded that cyber-risk more than quadrupled since 2002 – and tripled since 2013 whilst Scottish Business Resilience Centre states that in the fourth quarter of 2020, attacks utilising PowerShell grew by 208% while malware leveraging Microsoft Office increased by 199%.

The same study also identified that attacks targeting public sector entities increased by 93%.   

The pattern of activity has become more global and has affected a broader range of industries. Victims have ranged from Apple and LinkedIn, to Sony Pictures, Marriot Hotels, Colonial Pipeline, Citi Bank and JP Morgan Chase.  

Closer to home, the Weir Group, the NHS, Tesco, Talk Talk, and Dundee and Angus College have also been targeted.

Terry A’Hearn, chief executive at SEPA, described the attack as a “hideous, internationally orchestrated crime”.

He said: “Unfortunately, our story is not unique. Cybercrime has rapidly expanded around the world. Major organisations such as Apple, the Irish Health Service, LinkedIn, Colonial Pipeline, CitiBank, Sony and many more have been hit by cyber-attacks.   

Terry A’Hearn: hideous crime

“In the face of this awful crime, I am immensely proud of the way our team has coped and responded. We have delivered high-priority services to protect Scotland’s environment and started building all our services up in new and better ways.

“In the end, we will have fast-tracked major reforms we had set out to do anyway. In all this work, as CEO of SEPA, I want to acknowledge and thank the outstanding efforts of our workforce and the assistance we have received from partners and all those we regularly work with. 

“A key element of our recovery has been to set a high level of transparency in our work. We’ve spoken openly about the impact of the attack, our response and recovery, including weekly service updates as one example of the many ways we’ve kept people informed about our recovery and how to work with us. 

Leave a Reply

Your email address will not be published. Required fields are marked as *

This site uses Akismet to reduce spam. Learn how your comment data is processed.