Friday, June 17, 2005

UK Critical Infrastructure being Attacked

A report by the United Kingdom's National Infrastructure Security Co-ordination Center warns of a pattern of ongoing attacks. Key points (none surprising):
• A series of trojanised email attacks are targeting UK Government and companies.
• The attackers’ aim appears to be covert gathering and transmitting of commercially or economically valuable information.
• Trojans are delivered either in email attachments or through links to a website.
• The emails employ social engineering, including use of a spoofed sender address and information relevant to the recipient’s job or interests to entice them into opening the documents.
• Once installed on a user machine, trojans may be used to obtain passwords, scan networks, exfiltrate information and launch further attacks.
• Anti-virus software and firewalls do not give complete protection. Trojans can communicate with the attackers using common ports (e.g HTTP, DNS, SSL) and can be modified to avoid anti-virus detection.

Labels: ,


Comment by Blogger Jim Horning:

An article in the Wall Street Journal (registration required) indicates that the problem is more widespread, and may be originating in Asia. Excerpt:

Authorities say unidentified hackers from Asia have been launching a wave of attacks on government and corporate computer systems in the U.S., Canada and the U.K. in an effort to steal sensitive commercial data.

The British government Thursday announced that hackers seeking commercially and economically valuable information were attacking vital U.K. government and corporate computer networks. It cited the source of the attacks as "often linked to the Far East."

The problem appears to be more widespread than the U.K. government initially indicated. The attacks started at least two years ago and have targeted institutions in the U.S., Canada and Australia, among dozens of other countries, authorities say.

The revelations show that computer viruses released via the Internet increasingly are being used to garner confidential information, ranging from personal banking details of consumers to industrial espionage.

12:40 PM  

Post a Comment