U.K. Under Cyberattack - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

01:36 PM

U.K. Under Cyberattack

Government agencies and companies in the U.K. are under attack by a concerted series of Trojan horses out to steal information.

Government agencies and companies in the U.K. are under attack by a concerted series of Trojan horses out to steal information, the country's National Infrastructure Security Co-ordination Center (NISCC) announced Thursday.

According to the NISCC, whose duties correspond to the U.S. Computer Emergency Readiness Team (US-CERT), more than 300 U.K. agencies and companies have been targeted by the attack, which involves more than 75 different Trojan horses and in many cases, can be traced back to the Far East.

While the attacks have been underway for some time, the NISCC said in its alert that it wanted to spread the news to "raise awareness of these attacks and provide protective advice."

The Trojans, which arrive either as attachments to e-mail messages spoofed as coming from trusted contacts, news agencies, or even government departments, or are installed after users surf to links embedded in other such messages, are after information, pure and simple.

"Trojan capabilities suggest that the covert gathering and transmitting of otherwise privileged information is a principal goal," said the alert. "The attacks normally focus on individuals who have jobs working with commercially and economically sensitive data."

NISCC's alert also said that some of the Trojans spotted were designed to avoid anti-virus scanners, and that the variety and constant evolution of the malicious code used by the attacker(s) "appears to be a strategy to identify the conditions needed to successfully penetrate a network."

That strategy is neither new nor limited to Trojans. Some analysts, in fact, believe that the ultra-prolific author(s) of the Mytob worm -- who has launched scores of variants against users -- is using the same technique to figure out the "perfect" worm.

U.K. security firm Sophos was brought in to help NISCC analyze the Trojans, said Carole Theriault, a security consultant with the company. Sophos found that in every case, the malware's goal was to install either a keylogger, or other software that would sniff through files, pull selected information, and transmit it back to the attacker.

"Who is doing this we can't answer," said Theriault, "but two-thirds of them were Trojans we've seen before. The other third were totally new, but not significantly different than your average run-of-the-mill Trojan horse."

Theriault wasn't surprised by the attack, since the number of Trojan-based assaults have been skyrocketing. According to Sophos' figures, the count of keylogging Trojans has tripled in the past 12 months.

Although the NISCC's alert leaned toward a focused, targeted attack on U.K. government workers in particular -- "Unlike phishing attacks and e-mail worms, the attackers are specifically targeting governmental and commercial organizations" -- Theriault wasn't ready to reach the same conclusion.

"From the Trojans themselves there's nothing to suggest that they're any part of a real campaign," she said. "It's possible that what the NISCC is seeing is just a lot of Trojans that hit agencies in a lot of different ways."

Another analyst, however, thought this was the best example yet of an attack profile that security experts have been expecting for a long time.

"One of the hardest thing about being in security is saying 'I told you so' without sounding smug," wrote Richard Stiennon, director of threat research at anti-spyware software vendor Webroot, in his blog Thursday.

"The attack underway in the U.K. has been predicted for years: targeted, social engineered, modified viruses used to attack government and industry," he went on. "When you think about it, this method of attack is obvious. Select a target, modify a virus or Trojan to avoid detection, and send it directly to insiders with spoofed return e-mail addresses from other insiders."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll