Bucks and MK Fire Authority: Cyber attack threat identified in fire service email

National cyber security watchdogs sent a red alert to Bucks and Milton Keynes Fire Authority after spotting that a “Qakbot” had buried itself in an employee’s email.

Wednesday, 24th March 2021, 10:36 am
Updated Wednesday, 24th March 2021, 10:38 am
National cyber security watchdogs sent a red alert to Bucks and Milton Keynes Fire Authority after spotting that a “Qakbot” had buried itself in an employee’s email.

A meeting heard that Qakbot viruses in dodgy emails can lead to organisations being held to ransom when they seize up computer systems until money is paid over.

The authority’s overview and audit committee heard that it was the first time the National Cyber Security Centre had issued such an alert to the Bucks and MK fire and rescue service.

Graham Britten, the director of legal and governance at Buckinghamshire and Milton Keynes Fire Authority, said that the service has also had to act fast in response to other recent cyber threats.

Mr Britten said: “On February 25 we received notification from the National Cyber Security Centre that a work email address of one of our employees had been identified as being in the possession of Qakbot hackers.

“Qakbot is a precursor to ransomware, which could have infiltrated our systems,” he said.

“We took this notification very seriously not least because this is the first such notification that we have received from the National Cyber Security Centre and the ramifications for the authority of a ransomware infection is very serious.”

The authority’s computer system defenders were able to verify that the email user had protection from Qakbots, and the email address was deleted to remove the threat.

Employees have been reminded not to give out their work email addresses unnecessarily.

The committee was also told that the ICT team is being kept on its toes by dealing with other cyber risks to do with attacks on Microsoft services.

Systems have been updated to deal with a new threat from the WannaCry ransomwear that caused disruption to the NHS in 2017.

Mr Britten said the biggest risk is in people opening something in an email because, despite all the security updates “sometimes the hackers are one step ahead.”

He said staff were advised not to use work email addresses for personal business.