With over 300 UK government departments and businesses – including some process companies – coming under sustained attack from hackers, the country's National Infrastructure Security Coordination Centre (NISCC) has been forced to issue a special briefing notice on the subject.
In its 08/2005 briefing, the NISCC warns specifically about targeted Trojan email attacks. It notes that:
- The attackers’ aim appears to be covert gathering and transmitting of commercially or economically valuable information.
- Trojans are delivered either in email attachments or through links to a website.
- IP addresses used for sending emails and controlling Trojans, along with email header information, are often linked to the Far East.
- The emails employ social engineering, including use of a spoofed sender address and information relevant to the recipient's job or interests to entice them into opening the documents.
- Once installed on a user machine, Trojans may be used to obtain passwords, scan networks, exfiltrate information and launch further attacks.
- Anti-virus software and firewalls do not give complete protection. Trojans can communicate with the attackers using the ports of common protocols such as HTTP, DNS and SSL, and can be modified to avoid anti-virus detection.
The NISCC was set up in 1999 and is an inter-departmental centre drawing on contributions from across the UK government. With a budget of £10m and 85 staff, it is responsible for the Critical National Infrastructure (CNI).
The UK government regards the CNI as those assets, services and systems that support the economic, political and social life of the country whose importance is such that any entire or partial loss or compromise could: cause large-scale loss of life; have a serious impact on the national economy; have other grave social consequences for the community; and be of immediate concern to the national government.
The CNI is categorised as 10 interdependent sectors, including process sectors such as energy, food and water. According to the NISCC, each involves “many different companies and organisations, all of which rely heavily on computers and associated electronic technologies in their day-to-day business, making them vulnerable to an electronic attack. Many of these systems are now connected to the Internet which, while improving business efficiency, also presents a direct route for an attack”.
The NISCC website (www.niscc.gov.uk) is a cornerstone of its outreach policy, and from it the very latest IT security bulletins can be accessed in the form of alerts and briefings, as well as a broader range of advice and information.