With more than 300 UK government departments and businesses – including some process companies – coming under sustained attack from hackersthe country’s National Infrastructure Security Coordination Centre (NISCC) has been forced to issue a special briefing notice on the subject.
In its 08/2005 briefingthe NISCC warns specifically about targeted Trojan email attacks. It notes that:
- The attackers’ aim appears to be covert gathering and transmitting of commercially or economically valuable information.
- Trojans are delivered either in email attachments or through links to a website.
- IP addresses used for sending emails and controlling Trojanslong with email header informationare often linked to the Far East.
- The emails employ social engineeringincluding use of a spoofed sender address and information relevant to the recipient’s job or interests to entice them into opening the documents.
- Once installed on a user machineTrojans may be used to obtain passwordsscan networksexfiltrate information and launch further attacks.
- Anti-virus software and firewalls do not give complete protection. Trojans can communicate with the attackers using common ports such as HTTPDNS and SSL and can be modified to avoid anti-virus detection.
The NISCC was set up in 1999 and is an inter-departmental centre drawing on contributions from across the UK government.
With a budget of £10m and 85 staffit is responsible for the Critical National Infrastructure (CNI).
The UK government regards the CNI as those assetsservices and systems that support the economicpolitical and social life of the country whose importance is such that any entire or partial loss or compromise could: cause large-scale loss of life; have a serious impact on the national economy; have other grave social consequences for the community; and be of immediate concern to the national government.
The CNI is categorised as 10 interdependent sectorsincluding process sectors such as energyfood and water.
According the NISCCeach involve ‘many different companies and organisationsall of which rely heavily on computers and associated electronic technologies in their day-to-day businessmaking them vulnerable to an electronic attack.
Many of these systems are now connected to the Internet whichwhile improving business efficiencyalso presents a direct route for an attack.’
The NISCC website is a cornerstone its outreach policy and from it can be accessed the very latest IT security bulletins in the form of alerts and briefings as well as a broader range of advice and information.
For more informationvisit www.niscc.gov.uk"