The government today issued an urgent warning to
businesses to update the security of their computer systems to fend
off a wave of sophisticated e-mail Trojan attacks. The attacks are
targeting government and financial organisations in the
UK.
The National Infrastructure Security Co-ordination Centre
(NISCC) said that businesses and individuals were at risk from the
attacks, which have been traced to internet addresses in the Far
East.
A series of e-mails containing a variety of Trojan horse
programs, which are designed to steal economic and financial
information and transmit it back to attackers across the internet,
have been sent to a number of UK government departments since
January.
The discovery has sparked a major behind-the-scenes operation by
NISCC to alert more than 300 government and private sector
organisations responsible for the UK’s critical infrastructure and
services, to introduce countermeasures on their computer
systems.
Roger Cumming, director of NISCC, said that the Trojan attacks,
which have also been detected in other financial centres in Europe,
the US and Australia, were extremely sophisticated and well
organised. The attacks have no link to recent Trojan attacks
launched against Israeli companies.
“When you start to measure this particular attack, it is clear
that it is coming from something more than a couple of teenagers.
The attack is clearly not targeted at stealing money. It is aimed
at gathering information. It is extremely well organised and
requires quite a lot of resources to execute,” he said.
In an unprecedented move, NISCC is urging businesses to upgrade
their security systems now, in a concerted attempt to send a
message back to the attackers that the UK is not a soft target.
Companies should ensure their anti-virus systems are up to date,
make sure they have the latest security patches and configure their
firewalls to block any unauthorised attempt to connect to their
network, NISCC said.
“Our philosophy is that if everyone in the UK was to adopt our
advice and install all the latest patches, that attack would not
have any impact on UK plc,” said Cumming.
NISCC has worked behind the scenes with anti-virus companies
over the past few weeks to ensure that anti-virus software is
updated to detect the Trojans at the centre of the attacks.
The organisation has been working closely with agencies in other
countries, to take down sites that could be used to distribute the
Trojans.
Organisations in the financial services sector, water,
electricity and other essential services had already protected
their systems following confidential warnings from NISCC.
“We have succeeded in making the UK a hard target to attack,”
said Cumming.
The attackers' aim was to gain economic advantage by retrieving
economic and financial information from governments and banks, but
their identity is still unclear, NISCC said.
The attacks use a variety of custom designed and ready-made
Trojans, which have been modified in an attempt to evade anti-virus
software. The attackers have used a wide variety of constantly
changing Trojans to evade detection.
Infected emails are normally targeted at individuals who work
with commercially or economically sensitive data.
The e-mails are spoofed to make them appear to have come from
trusted contacts, news agencies, or government departments. They
contain subject lines designed to trick the recipient into opening
Trojanised file.
Once opened, an infected attachment can give attackers control
over the machine. The Trojans can be used to collect user names and
passwords, scan drives for documents, send data back to remote
computers and to launch attacks against other computers.
NISCC said it is anxious to hear from any business organisations
that have been on the receiving end of the Trojans.
Further details:
www.niscc.gov.uk