The political party, Labour, has revealed this morning it has been the victim of a large scale and sophisticated attack, one month before general elections are due to take place in the UK.
As part of the hack, digital election and campaigning tools were thought to have been targeted, along with details of potential voters. However, the party says they are confident no data was actually breached.
Paul Farrington, CTO of EMEA atVeracodehighlights that during election time, political parties face higher levels of online vulnerability and so, must ensure they that have adequate cybersecurity in place.
“The news that the Labour Party appears to have been targeted by a cyber-attack is not a huge surprise. Threats exist both in the UK and from overseas. As we saw with the 2016 US election, foreign actors sought to influence the outcome of that democratic process, with the intelligence agencies citing Russia as the main actor. Attribution for this attack will most likely take time,” says Farrington.
In explaining the technicalities of the attack, the CTO adds: “The nature of the hostile action against the party was a relatively blunt tool, in the form of a distributed denial of service (DDoS) attack, which seeks to overwhelm the target computer systems. Whilst the Labour Party has announced that the attack failed, one always needs to consider whether the DDoS episode is a distraction for another attack that may seek to take place undetected, perhaps exploiting a vulnerability in a system.”
Labour has reported the attack to government advisory board, the National Cyber Security Centre and a detailed message has been sent to voters.
A spokeswoman for the party says: “Our security procedures have slowed down some of our campaign activities, but these were restored this morning and we are back up to full speed.”