UK firms get fresh hacker warning
Organised gangs are using distribution e-mail lists to cleverly engineer mails that look legitimate and relevant.
The Home Office said many of the attacks seemed to originate from Asia.
The warning is aimed at government departments and businesses that are part of the UK's Critical National Infrastructure (CNI).
The government's NISCC works with the CNI so that computer systems which run critical infrastructure, such as telecommunications, energy, and power station networks, are protected.
"We have not seen anything like this in terms of the scale of industrial attacks before," a Home Office spokesperson told the BBC News website.
A Home Office spokesperson said: "It is no longer hackers in their bedroom. They are targeted at gaining information and are very well structured and organised."
NISCC is in constant contact with the CNI about net threats, but the aim of this report, and of the protection advice issued on its website, is to ensure that others who fall outside the usual CNI channels of communication get the message.
This would include any organisations that work with commercially sensitive information.
"The reason why we have chosen to go public this way is because we have gone through the usual routes - we have flagged up the threats to the CNI stakeholders.
"But because of the scale and organised nature of these attacks, we have felt the need to scale up the footprint of this alert," he said.
The spokesperson added that NISCC had "no evidence" that any sensitive information had actually been stolen via any attacks, and that the origin of attacks was difficult to pin down.
Based on internet protocol (IP) address evidence, though, they tended "overwhelmingly" to originate from the Far East.
The number of organisations targeted was also not known, but the fresh advice was aimed at increasing awareness, said the spokesperson.
Trojan horses are small, malicious programs usually hidden in e-mail attachments. They can also be picked up on certain websites.
Once launched unwittingly, they can perform a number of functions, such as secretly installing keylogging programs which can then be used to gather sensitive passwords and other information.
Net security firm Sophos said it had seen a threefold increase in the number of keylogging Trojans alone in the last year.
"We see more than a dozen new pieces of malware capable of stealing highly valuable and sensitive information every day," said Carole Theriault, security consultant at Sophos.
"While it's worrying that the UK's critical infrastructure could be at risk, this also serves as a reminder to all UK businesses that they must keep their systems secure to avoid confidentiality leaks. Every computer used for business must be protected with up-to-date anti-virus software and a firewall."
Increasingly, people are fooled into opening the e-mails because many have a subject line which makes them look like normal correspondence.
STAYING SAFE ONLINE
- Install anti-virus software
- Keep your anti-virus software up to date
- Install a firewall
- Use Windows updates to patch security holes
- Do not open e-mail messages that look suspicious
- Do not click on e-mail attachments you were not expecting
Once the e-mail attachment is opened, a Trojan can enable a hacker to take control of the recipient's PC.
The e-mails also often appear to come from people known to the recipient. This kind of "social engineering" is a newer aspect to net threats which cybercriminals are using.
The continued use of e-mail distribution lists to discuss certain topics within businesses and government departments meant specific information and e-mail addresses could be gleaned from the net quite easily, said Richard Veale, director of the specialist information risk management firm, Ebis.
This way, cybercriminals could tailor e-mails to look like a relevant discussion topic to the recipient.
"Some very sophisticated individuals are leveraging the inadequacy in government and corporate security around information flows," he told the BBC News website.
This meant there was a "phenomenal amount" of "uncontrolled information", he said.
"Organisations and government departments are not in control of the information process as much as they thought. It is like leaving a window ajar."
He said quantification of the scale of the threat appeared to be almost impossible and that many businesses may even be unaware they have been hit by a Trojan.
Recent reports from anti-virus firms suggest that hackers are getting more sophisticated and can make viruses and other harmful software mutate so quickly that anti-virus software has difficulty keeping up.
The UK's NISCC and National Hi-Tech Crime Unit are working with the authorities in a number of Asian countries to identify and shut down the internet addresses the attacks are coming from.
"There is a limit to what government resources can do and it is up to companies and organisations to take responsibility themselves," said the Home Office spokesperson.
"It is clearly important for companies to always be aware that there are vulnerabilities and threats out there."
__________________
If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org