[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] UK under cyber blitz | The Register
<http://www.theregister.co.uk/2005/06/16/uk_cyber-blitz/>
UK under cyber blitz
By John Leyden
Published Thursday 16th June 2005 13:44 GMT
Hackers are targeting British workers with a series of specially crafted
Trojan horse attacks. The attacks are delivered either through email
attachments or through links to maliciously-constructed websites, the UK's
National Infrastructure Security Co-ordination Centre (NISCC) warned on
Thursday.
Approximately 300 UK government departments and businesses critical to the
country's infrastructure have been the subject of Trojan horse attacks,
many reportedly originating in the Far East. "The attackers' aim appears to
be covert gathering or transmitting of commercially or economically
valuable information," NISCC warns.
The attacks seek to compromise computers so that remote hackers can steal
privileged information and potentially launch further attacks. Infected
email employ social engineering tricks, for example posing as information
relevant to a target's job. "Once installed on a user's machine, Trojans
may be used to obtain passwords, scan networks, exfiltrate [send out]
information and launch further attacks," according to NISCC. "Anti-virus
software and firewalls do not give complete protection. Trojans may
communicate with the attackers using common ports (eg HTTP, DNS, SSL) and
can be modified to avoid anti-virus detection."
Paul King, principal security consultant at Cisco Systems UK, said the
attacks demonstrated how conventional anti-virus scanning software was
ineffective at stopping new and unknown attacks. "The role of anti-virus
has become to throw away known bad stuff. Other technologies, such as
host-based intrusion prevention, are needed to defend against previously
unseen attacks."
NISCC said the attacks had being going on for some time but have recently
become more sophisticated. Mark Sunner, CTO of UK-based email security firm
MessageLabs, said it had recorded instances of the attacks for more than a
year. "These are targeted attacks, very low in number and often featuring
hand-crafted exploits. They're barely on the radar. These are not mass
mailers. We only see between 10 and 100 infected emails per attack and
around two attacks per week.
"There's no rhyme or reason to the industry sectors targeted, certainly
they aren't particularly focused on financial institutions." Although
similar methods are been used, NISSC said they are distinct from an
industrial espionage scandal targeting Israeli firms that emerged with the
arrest of 21 people in the UK, Israel and elsewhere last month. It said the
majority of the attacks seen so far had targeted central government though
private sector firms are also under fire.
NISCC has documented the attack and put together a set of recommendations
on defence strategies in a nine-page document here. An appendix details the
designation given by anti-virus firms for Trojans used in the attack. All
listed Trojans at the time of writing are Windows specific. ®
----- End forwarded message -----
Gruss
--
Pluto - SysAdmin of Hades
Free information! Freedom through knowledge. Wisdom for all!! =:-)
PGP://0xB4BBB4A9?524CB500A8F3EAA2&6A3E5272F9072A17 ICQ: 286852401
---------------------------------------------------------------------
To unsubscribe, e-mail: infowar -
de-unsubscribe -!
- infopeace -
de
For additional commands, e-mail: infowar -
de-help -!
- infopeace -
de