The government today issued an urgent warning to businesses to update the security of their computer systems to fend off a wave of sophisticated e-mail Trojan attacks. The attacks are targeting government and financial organisations in the UK.
The National Infrastructure Security Co-ordination Centre (NISCC) said that businesses and individuals were at risk from the attacks, which have been traced to internet addresses in the Far East.
A series of e-mails containing a variety of Trojan horse programs, which are designed to steal economic and financial information and transmit it back to attackers across the internet, have been sent to a number of UK government departments since January.
The discovery has sparked a major behind-the-scenes operation by NISCC to alert more than 300 government and private sector organisations responsible for the UK’s critical infrastructure and services, to introduce countermeasures on their computer systems.
Roger Cumming, director of NISCC, said that the Trojan attacks, which have also been detected in other financial centres in Europe, the US and Australia, were extremely sophisticated and well organised. The attacks have no link to recent Trojan attacks launched against Israeli companies.
“When you start to measure this particular attack, it is clear that it is coming from something more than a couple of teenagers. The attack is clearly not targeted at stealing money. It is aimed at gathering information. It is extremely well organised and requires quite a lot of resources to execute,” he said.
In an unprecedented move, NISCC is urging businesses to upgrade their security systems now, in a concerted attempt to send a message back to the attackers that the UK is not a soft target.
Companies should ensure their anti-virus systems are up to date, make sure they have the latest security patches and configure their firewalls to block any unauthorised attempt to connect to their network, NISCC said.
“Our philosophy is that if everyone in the UK was to adopt our advice and install all the latest patches, that attack would not have any impact on UK plc,” said Cumming.
NISCC has worked behind the scenes with anti-virus companies over the past few weeks to ensure that anti-virus software is updated to detect the Trojans at the centre of the attacks.
The organisation has been working closely with agencies in other countries, to take down sites that could be used to distribute the Trojans.
Organisations in the financial services sector, water, electricity and other essential services had already protected their systems following confidential warnings from NISCC.
“We have succeeded in making the UK a hard target to attack,” said Cumming.
The attackers' aim was to gain economic advantage by retrieving economic and financial information from governments and banks, but their identity is still unclear, NISCC said.
The attacks use a variety of custom designed and ready-made Trojans, which have been modified in an attempt to evade anti-virus software. The attackers have used a wide variety of constantly changing Trojans to evade detection.
Infected emails are normally targeted at individuals who work with commercially or economically sensitive data.
The e-mails are spoofed to make them appear to have come from trusted contacts, news agencies, or government departments. They contain subject lines designed to trick the recipient into opening Trojanised file.
Once opened, an infected attachment can give attackers control over the machine. The Trojans can be used to collect user names and passwords, scan drives for documents, send data back to remote computers and to launch attacks against other computers.
NISCC said it is anxious to hear from any business organisations that have been on the receiving end of the Trojans.
Further details: www.niscc.gov.uk