Weather services across Europe have been caught in a storm of malicious email attacks in the past week, forcing groups to upgrade security measures and creating challenges for staff.
The Met Office and European Centre for Medium-Range Weather Forecasts (ECMWF) in the UK, Spain’s State Meteorological Agency and the Danish Meteorological Institute (DMI) are among the European services that were affected, New Scientist has confirmed.
People at meteorological services have received a mass of emails purporting to come from trusted contacts, with some of the senders spoofing European Commission addresses.
The widespread attacks came after the laptop of an individual in the meteorological community was infected by malware, leading the user’s mailbox to be acquired by a botnet, the ECMWF says. The botnet then used their email account to send messages with malware to contacts in the community. Email lists from several international meteorological organisations, which haven’t been named, were infected.
“Whilst this attack has created disruption, we can confirm that the attack has remained at email level and that our systems were not breached, and our operations were at no time jeopardised,” a spokesperson for the ECMWF says.
It is unclear whether the attackers were deliberately targeting weather services, which are considered national infrastructure in many countries, or simply got lucky by infecting the computer of an individual who was a member of several meteorological groups.
Either way, the attack posed a challenge. The Met Office confirmed that several members of staff had received malicious emails purporting “to be from a range of sources within the European Met community”.
A spokesperson for the Met Office says the number of emails has greatly reduced in the past few days and it is confident that the measures put in place, including blocking links and attachments and providing security guidance to staff, mean no machines have been compromised. The new measures “created some challenges for our day-to-day work” but the impact on services had been minimal, they add.
Ruth Mottram, a climate scientist at the DMI, says there has been some minor disruption as legitimate emails are being caught in spam filters. Colleagues at other weather services have reported that IT departments are stripping out any attachments, she adds. The attacks are “naturally putting a bit of pressure on the email system, and therefore working life”, but the DMI’s IT team are “on top of it”, she says.
Mike Beck at UK cybersecurity firm Darktrace says meteorological groups are likely to be naturally vulnerable to such attacks because of their open and collaborative nature. “I’ve seen that before in academia, it’s much easier for attackers to spread,” he says.
David Emm at cybersecurity firm Kaspersky says having an insider’s email account compromised is “gold” for attackers, and would have helped emails spread. He says it is hard to say whether the owner of the original infected laptop was targeted specifically, or fell victim to a generalised phishing approach.