Slashdot Mirror


UK Critical Structures Targeted by Trojan Attacks

ElGanzoLoco writes "The UK's National Infrastructure Security Coordination Centre is reporting that key British infrastructures (government, telecom, transports, banks among others) are under attack by specific, targeted e-mail trojans. According to their report (PDF), 'the emails use social engineering to appear credible, with subject lines often referring to news articles that would be of interest to the recipient. In fact they are "spoofed", making them appear to originate from trusted contacts, news agencies or Government departments.' The attackers are apparently trying to gather sensitive or secret data. While the NISCC has not been able to precisely trace the attacks' origins, most IPs seem to trace back to Far-East Asia."

7 of 102 comments

  1. Shocking by Anonymous Coward · · Score: 0, Insightful

    that the UK is only now finding out about email scam tactics.
    If we had been watching the rest of the world, we would have known the sorts of things to expect.

    Makes me somewhat ashamed to be English sometimes...

    1. Re:Shocking by krowten21 · · Score: 2, Insightful

      First of all, phishing is an attack against account holders of "Major US Corporations", not against those organizations. Vulnerability to targeted attacks using modified Trojans, while not new, is the weak underbelly of corporate security. No amount of security awareness training is going to stop someone from opening an email apparently from their boss that says: "Here is your performance appraisal, open immediately". There was a concerted (unreported in the media) attack against 5 big banks in New York a year ago. Customized viruses were used. It took major pressure to get the AV vendors to add sigs for these "non-wild" viruses. More at http://www.threatchaos.com/

  2. Political Spin? by Kinky+Bass+Junk · · Score: 5, Insightful

    While the NISCC has not been able to precisely trace the attacks' origins, most IPs seem to trace back to Far-East Asia.

    There's no doubt that these attacks will create a political spin, which could be their target in the first place. We all know there are many tensions between western and eastern countries, particularly North Korea & China, and U.K. & U.S.A. This also goes hand-in-hand with previous stories saying there are highly skilled cracker armies in North Korea. I would say without a doubt that these are politically motivated.

    --
    Anonymous Coward

  3. British government hit by spam! Declares emergency by khasim · · Score: 4, Insightful

    "A number of open source and bespoke trojans, altered to avoid antivirus detection, have been used. The wide variety and constant evolution of the trojans used appears to be an attacker strategy to identify the conditions needed to successfully penetrate a network."

    Sounds like the regular spam and virus crap I get.

    Maybe the "far eastern" enemies think I'm part of the British government?

    "Investigate anomalous slow-running machines, looking for unknown processes or unexpected Internet connections, as this may be an indication of malicious programs operating in the background. User reports of such behaviour should be encouraged and fully investigated."

    Oh yeah. That's going to be GREAT!

    No more of those "reboot and see if it fixes the problem" comments. Now it has to be "fully investigated".

    "Implement spam filtering to guard against infrastructures commonly used by the attackers. Anti-spam measures such as greylisting/blacklisting of dial-ups, open proxies and open relays, in addition to more sophisticated methods (e.g. Bayesian filtering) can be effective protective measures."

    But I already do that.

    Wow, my email system is more "secure" than the British government's! Who would have guessed!

  4. British or Global problem? by Claws+Of+Doom · · Score: 3, Insightful

    I question the tone of the headline and the content. The implication is that British sites are being targeted exclusively. Being a British Government publication, this would have been their remit. I think that if the net was thrown wider you'd see that this is a general problem for the internet as a whole, and also for personal as well as business and Government computers. The article is correct in so far as it goes, but is far too narrow in its view to be newsworthy. It would have been far more interesting if they'd found that other territories weren't being targeted. My suspicion is that there isn't any targeting - only carpet bombing.

  5. Re:Why on Earth are these machines running Win32? by Turn-X+Alphonse · · Score: 1, Insightful

    Welcome to the Government here. No matter what we say they ignore us, bullshit idiots then ignore them again for another 4 years.

    We're sick of it just like everyone else is, it's just that we can't do anything. We all opposed a war yet we still took part for example.

    People have given up on politics and the government has given up on common sense and the citizens.

    --
    I like muppets.

  6. Ahh Social Engineering by snortCrush69 · · Score: 3, Insightful

    Once again charisma and believability > Technology. So many Network Admins become enamored with firewalls, IDS, and other kinds of tech savvy protection, that they usually will hold the door open for social engineers. Until employees and users are better educated and social engineering becomes part of the corporate threat model, we're going to see these types of attacks continue to grow in number.