lolloj - Fotolia

Education, energy and finance top UK cyber attack targets

The UK remains in the top five most targeted countries in Europe, the Middle East and Africa but has dropped from number one in 2014 to fifth place for the first half of 2015, a FireEye report reveals

More than two-thirds of all advanced cyber attacks in the UK are targeted at the education, energy and financial services sectors, according to a report by security firm FireEye.

The Advanced threat report for the first half of 2015 in the Europe, Middle East and Africa region also highlighted an increase in advanced attacks against UK enterprises.

After education, energy and financial services, the most targeted industry sectors in the UK were revealed to be aerospace and defence, high-tech, telecoms, entertainment and media, local and state government, and manufacturing.

Although FireEye's study showed that the UK remains in the top five most targeted countries in the region, it has dropped from number one in 2014 to fifth place for the first half of 2015. 

The majority of targeted attacks on UK enterprises that are having the most impact come from sticky fingers, malware associated with advanced persistent threat (APT) groups including Chinese APT groups APT18 and APT26.

Sticky fingers, also known as quickball, is a simple dynamic-link library (DLL) backdoor that is used by China-based advanced persistent threat actors to gain reverse shell access to infected systems.

The APT malware has been observed in the healthcare, high-tech, consulting, manufacturing, energy and utilities, telecommunications, aerospace, education, and legal services industries.

“What we once knew as the network perimeter no longer exists and to add to that, advanced attacks are not going away,” said FireEye regional president Richard Turner.

“Organisations need to recognise that the traditional ways of protecting themselves are simply inadequate today and that a single successful advanced attack has the potential to wreak operational and economic havoc on both governments and businesses.”

Read more about advanced persistent threats

According to Turner, cyber-resilient organisations work on the assumption that they will be breached at some point and have rebalanced their security investments to ensure they can rapidly return to normal productive operation following an attack.

“It’s critical that organisations have appropriate response strategies in place, which should include partnerships with organisations that have the technology and expertise to sufficiently mitigate the business risks. These are decisions that need to be made at a boardroom level and not just within the IT department,” he said.

Across the region, the report reveals that incidents of malware attacks increased in the first half of 2015 and unique infections grew more steadily each month, demonstrating the persistence of criminal threat actors.

Read more on Hackers and cybercrime prevention