Cyber attack threat identified in Buckinghamshire and Milton Keynes fire service email

National cyber security watchdogs sent a red alert to Bucks and Milton Keynes Fire Authority after spotting that a “Qakbot” had buried itself in an employee’s email.

Wednesday, 17th March 2021, 4:59 pm
Updated Wednesday, 17th March 2021, 5:02 pm

A meeting heard that Qakbot viruses in dodgy emails can lead to organisations being held to ransom when they seize up computer systems until money is paid over.

The authority’s overview and audit committee heard on Wednesday that it was the first time the National Cyber Security Centre had issued such an alert to the Bucks and MK fire and rescue service.

Graham Britten, the director of legal and governance at Buckinghamshire and Milton Keynes Fire Authority, said that the service has also had to act fast in response to other recent cyber threats.

Mr Britten said: “On February 25 we received notification from the National Cyber Security Centre that a work email address of one of our employees had been identified as being in the possession of Qakbot hackers.

“Qakbot is a precursor to ransomware, which could have infiltrated our systems,” he said.

“We took this notification very seriously not least because this is the first such notification that we have received from the National Cyber Security Centre and the ramifications for the authority of a ransomware infection is very serious.”

The authority’s computer system defenders were able to verify that the email user had protection from Qakbots, and the email address was deleted to remove the threat.

Cllr Robin Stuchbury

Employees have been reminded not to give out their work email addresses unnecessarily.

The committee was also told that the ICT team is being kept on its toes by dealing with other cyber risks to do with attacks on Microsoft services.

Systems have been updated to deal with a new threat from the WannaCry ransomwear that caused disruption to the NHS in 2017.

Buckinghamshire Labour Cllr Robin Stuchbury wondered whether hackers could get into fire service systems from councillor email addresses.

“Could we be a source of contamination?” he asked.

Mr Britten said the biggest risk is in people opening something because, despite all the security updates “sometimes the hackers are one step ahead.”

He said staff were advised not to use work email addresses for personal business.

Cllr Stuchbury said he wanted to make sure that Buckinghamshire and Milton Keynes councillors who sit on the fire authority abide by email rules.

“We don’t want to open you up to unwarranted pressure and attacks,” he said.