Fri. Nov 18th, 2022

By Adam Vaughan
Weather services have been hit by malware
Weather services across Europe have been caught in a storm of malicious email attacks in the past week, forcing groups to upgrade security measures and creating challenges for staff.
The Met Office and European Centre for Medium-Range Weather Forecasts (ECMWF) in the UK, Spain's State Meteorological Agency and the Danish Meteorological Institute (DMI) are among the European services that were affected, New Scientist has confirmed.
People at meteorological services have received a mass of emails purporting to come from trusted contacts, with some of the senders spoofing European Commission addresses.
The widespread attacks came after the laptop of an individual in the meteorological community was infected by malware, leading the user's mailbox to be acquired by a botnet, the ECMWF says. The botnet then used their email account to send messages with malware to contacts in the community. Email lists from several international meteorological organisations, which have not been named, were infected.
"Whilst this attack has created disruption, we can confirm that the attack has remained at email level and that our systems were not breached, and our operations were at no time jeopardised," a spokesperson for ECMWF says.
It is unclear whether the attackers were deliberately targeting weather services, which are considered national infrastructure in many countries, or simply got lucky by infecting the computer of an individual who was a member of several meteorological groups.
Either way, the attack posed a challenge. The Met Office confirmed several members of staff had received malicious emails which purported to be from a range of sources within the European Met community.
A spokesperson for the Met Office says the number of emails has greatly reduced in the last few days and it is confident that measures put in place, including blocking links and attachments and providing security guidance to staff, mean no machines have been compromised. The new measures "created some challenges for our day-to-day work" but the impact on services had been minimal, they add.
Ruth Mottram, a climate scientist at the DMI, says there has been some minor disruption as legitimate emails are being caught in spam filters. Colleagues at other weather services have reported IT departments are stripping out any attachments, she adds. The attacks are naturally putting a bit of pressure on the email system, and therefore working life, but the DMI's IT team are on top of it, she says.
Mike Beck at UK cyber security firm DarkTrace says meteorological groups would likely be naturally vulnerable to such attacks because of their open and collaborative nature. "I've seen that before in academia, it's much easier for attackers to spread," he says.
David Emm at the Russian security company Kaspersky says having an insider's email account compromised is gold for attackers, and would have helped emails spread. He says it is hard to say whether the owner of the original infected laptop was targeted specifically, or fell victim to a generalised phishing approach.