UK and Ireland cyber attacks up 300% in 2013, says FireEye

UK and Ireland (UKI) enterprises were hit by an average of more than 70 new infections a day in 2013, according to the latest regional threat report by security firm FireEye.

This represents a 300% increase in enterprise attacks across the region compared with 2012.

Every day in the last quarter of 2013, more than 130 unique infections of enterprises were identified, with 45% of the year’s infections occurring during this period.

Data from nearly 40,000 cyber attacks around the world shows that the UK was one of the top 10 countries exposed to advanced persistent threat (APT) attacks.

With 12 unique verticals hit, the UK ranked fourth in the world along with France and Thailand.

The APT malware families Backdoor.LV, Taidoor and PingBed accounted for 37% of the APT attacks carried out in UKI in 2013.

Worldwide, the most targeted verticals were government, energy (including utilities and petroleum refining), financial services and higher education.

The highest computer infection rates were recorded in financial services, telecommunications, energy (including utilities and petroleum refining), healthcare and pharmaceutical, and higher education.

About 20% of infections were in the financial services sector, which shows attackers are concentrating on the vertical with the most money.

The telecoms industry is also highly targeted because it connects organisations and provides opportunities for attackers to spy on organisations and individuals.

Paul Davis, vice-president, Europe at FireEye, said: “With financial and telecommunications operations being key drivers of UKI markets, advanced threat actors have many high-value targets.

“Combine this with the proliferation of high-tech across all industries, and it is clear why we have seen such a drastic spike in attacks since the beginning of 2013.”

FireEye has also released a regional advance threat report covering the entire European region, which reveals a 2013 average of one computer infection every six minutes.

Yogi Chandiramani, European director of systems engineering for FireEye, said: “It is worth noting that these are infections that are bypassing the legacy security technology architecture that organisations are currently using.

“This demonstrates that traditional security is not enough any more, and it highlights that the number of infected workstations is increasing quite a lot.”

This means organisations need to start preparing for this new kind of attack by ensuring they can detect them quickly and fix the malware infections, said Chandiramani.

“The focus has to shift to what organisations are able to do once they have detected a breach or infection, as these become increasingly inevitable,” he added.

The European report identifies more than 90 APT families, which represents about one-third of the APT families worldwide and means attackers are using specific tools, techniques and procedures to compromise organisations.

“This shows that attackers are going about compromising organisations in a highly targeted way, typically through specially crafted emails to lure recipients to a compromised website or with malicious attachments,” said Chandiramani.

The European report shows that just four countries account for more than 70% of unique infections, which means attackers are concentrating on the UK, Switzerland, Germany and France.

Chandiramani added: “What this tells us is that attackers are increasingly targeting organisations with high-value intellectual property, particularly those in the healthcare and pharmaceutical verticals (21%), financial services (17%), chemicals (9%) and education (9%).” 

He said the aim of the report was to help European CISOs and CIOs to understand the enemy better. This includes understanding the different types of threat actors, the kind of data they are targeting, and the methods they are using to compromise different organisations in the region.

This knowledge helps organisations to accelerate building their capability to detect and contain intrusions, Chandiramani said.

The priority for information security professionals throughout Europe should be to have a plan to be able to detect and fix issues, he added.

“In addition, a lot of collaboration can happen between industries in terms of sharing information about the different threats that have been seen,” he said.

The report shows that, increasingly, attackers are targeting specific verticals, so there is value in sharing information about attacks within those groups, said Chandiramani.

“Attackers within specific verticals tend to re-use the same set of attacks, so sharing information will enable CISOs in each sector to be better prepared with tailored incident response plans.”