Feeds

UK under cyber blitz

Far East Trojan attack targets 'commercial and economic' secrets

  • alert
  • submit to reddit

Build a business case: developing custom apps

Hackers are targeting British workers with a series of specially crafted Trojan horse attacks. The attacks are delivered either through email attachments or through links to maliciously-constructed websites, the UK's National Infrastructure Security Co-ordination Centre (NISCC) warned on Thursday.

Approximately 300 UK government departments and businesses critical to the country's infrastructure have been the subject of Trojan horse attacks, many reportedly originating in the Far East. "The attackers' aim appears to be covert gathering or transmitting of commercially or economically valuable information," NISCC warns.

The attacks seek to compromise computers so that remote hackers can steal privileged information and potentially launch further attacks. Infected email employ social engineering tricks, for example posing as information relevant to a target's job. "Once installed on a user's machine, Trojans may be used to obtain passwords, scan networks, exfiltrate [send out] information and launch further attacks," according to NISCC. "Anti-virus software and firewalls do not give complete protection. Trojans may communicate with the attackers using common ports (eg HTTP, DNS, SSL) and can be modified to avoid anti-virus detection."

Paul King, principal security consultant at Cisco Systems UK, said the attacks demonstrated how conventional anti-virus scanning software was ineffective at stopping new and unknown attacks. "The role of anti-virus has become to throw away known bad stuff. Other technologies, such as host-based intrusion prevention, are needed to defend against previously unseen attacks."

NISCC said the attacks had being going on for some time but have recently become more sophisticated. Mark Sunner, CTO of UK-based email security firm MessageLabs, said it had recorded instances of the attacks for more than a year. "These are targeted attacks, very low in number and often featuring hand-crafted exploits. They're barely on the radar. These are not mass mailers. We only see between 10 and 100 infected emails per attack and around two attacks per week.

"There's no rhyme or reason to the industry sectors targeted, certainly they aren't particularly focused on financial institutions." Although similar methods are been used, NISSC said they are distinct from an industrial espionage scandal targeting Israeli firms that emerged with the arrest of 21 people in the UK, Israel and elsewhere last month. It said the majority of the attacks seen so far had targeted central government though private sector firms are also under fire.

NISCC has documented the attack and put together a set of recommendations on defence strategies in a nine-page document here. An appendix details the designation given by anti-virus firms for Trojans used in the attack. All listed Trojans at the time of writing are Windows specific. ®

Related stories

Hackers plot to create massive botnet
ISPs urged to throttle spam zombies
Duo charged over DDoS for hire scam
Britain tops zombie PC charts
Israel unmasks spyware ring

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?