The Garda Síochána (Irish Police) has admitted its internal systems were hit by a cyberattack last week. The attack exploited a zero-day, a previously unknown vulnerability. Garda officials said that the attack forced the shutdown of several internal systems, including email. A Garda spokesperson said that no data was compromised or taken.
A report in the Irish Herald quoted a Garda spokesperson as saying: “Heightened security procedures were implemented and standard protocols were enforced across all Garda ICT environments to limit any effect on our systems. Working with security experts, the threat was identified and an appropriate solution was implemented across all Garda Síochána ICT (Information and Communications Technology) systems. An Garda Síochána are continuing our investigation into the incident.”
The attack is being investigated by specialists from the Computer Crime Unit at the Garda Bureau of Fraud Investigations. Their focus is likely to be not just on how the attack happened but on who carried it out. The initial focus will be to rule out an insider attack. This includes the possibility that the malware was brought into contact with Garda systems through an infected personal device. The bigger question is who the attackers were and where they are based in the world.
In December last year, the Garda Inspectorate issued a damning report saying that the Garda IT systems were decades out of date. Since then there has been a process to start updating systems. One of the areas of investigation will be whether the attack was made possible by gaps between old and new systems. This is a risk that all organisations face when updating older systems.
This attack on the Garda shows that criminals are not just looking to attack commercial companies. If this was a deliberate attack on the Garda, it will be interesting to see what happens next. While the Garda is currently saying that no data was taken, it is probably too soon to be absolutely certain. It will also be interesting to see which software was compromised through the zero-day attack.