According to the NISCC, nearly 300 organisations belonging to
the UK’s Critical National Infrastructure are undergoing a
sustained and sophisticated attack from hackers, who use targeted
e-mails to gain access to computers, either through an infected
attachment, or a link to an infected web site.
“We have never seen anything like this in terms of the
industrial scale of this series of attacks,” the NISCC’s director,
Roger Cumming, told the Financial Times. “This is not a few hackers
sitting in their bedrooms trying to steal bank account details from
individuals. This is aimed at organisations, targeted at gaining
information and is extremely well organised and well
structured.”
The origin of the e-mails is hard to assess, but the NISCC has
found that they are often linked to the Far East.
The purpose behind the attacks seems to be the gathering of
information, and the attacks rely on the planting of a Trojan – a
program that is installed onto a computer without the owner's knowledge.
Once installed, the Trojan horse can carry out malicious acts or
give another user remote control of the target computer.
NISCC is urging individuals and businesses to beef up their
attack detection capabilities. Users should investigate
unexpectedly slow machines, examine firewall logs and review mail
server access logs for connections from unusual IP addresses, it
says.
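
As an illustration of the mail server log review the NISCC recommends, the following is an added example, not code from the NISCC or the original article. It assumes Dovecot-style login lines and a hypothetical list of networks the organisation expects mail clients to connect from; the log lines and addresses are constructed.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Assumption: networks from which staff normally reach the mail server.
EXPECTED_NETWORKS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]

# Matches successful IMAP/POP3 logins and captures the account and remote IP.
LOGIN_RE = re.compile(
    r"(?:imap|pop3)-login: Login: user=<(?P<user>[^>]+)>.*?\brip=(?P<rip>[0-9a-fA-F:.]+)"
)

# Constructed sample of a mail server access log (not real data).
SAMPLE_LOG = """\
Jun 16 03:12:09 mail dovecot: pop3-login: Login: user=<alice>, method=PLAIN, rip=203.0.113.77, lip=192.0.2.2
Jun 16 03:12:44 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=203.0.113.77, lip=192.0.2.2, TLS
Jun 16 08:01:12 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.15, lip=192.0.2.2, TLS
Jun 16 08:03:40 mail dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.2, TLS
Jun 16 09:15:00 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<carol>, rip=203.0.113.9, lip=192.0.2.2
Jun 16 09:20:31 mail dovecot: imap-login: Login: user=<bob>, method=PLAIN, rip=198.51.100.200, lip=192.0.2.2, TLS
"""


def unusual_logins(log_text, expected=EXPECTED_NETWORKS):
    """Return {account: {remote_ip: login_count}} for successful logins
    whose remote address falls outside every expected network."""
    findings = defaultdict(Counter)
    for line in log_text.splitlines():
        match = LOGIN_RE.search(line)
        if not match:
            continue  # not a successful login line
        try:
            remote = ipaddress.ip_address(match.group("rip"))
        except ValueError:
            continue  # malformed address field; skip rather than guess
        if not any(remote in net for net in expected):
            findings[match.group("user")][str(remote)] += 1
    return {user: dict(counts) for user, counts in findings.items()}


if __name__ == "__main__":
    for user, counts in unusual_logins(SAMPLE_LOG).items():
        for ip, n in counts.items():
            print(f"review: {user} logged in {n} time(s) from unexpected address {ip}")
```

Only successful logins are reported, since an account that has been accessed from an unexpected address is the case that needs investigating first.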
PC owners should also ensure that they make their systems as
secure as possible by updating anti-virus definitions and software
patches, educating users about e-mail attachments, and focusing
security measures on those machines that contain sensitive
information and are more likely to be targeted.
Elsewhere, a plethora of internet threat reports have been
issued, most of which warn of an increase in phishing and
pharming.
Phishing occurs when a fraudster sends an e-mail that contains a
link to a fraudulent web site where users are asked to provide
personal account information. The e-mail and web site are usually
disguised to appear to recipients as though they are from a trusted
service provider, financial institution or on-line merchant.
Pharming is a more recent phenomenon, taking advantage of
vulnerabilities in web browsers to redirect users to fake web
sites, even when they type the correct internet address into their
browser.
Issuing the latest edition of its Internet Security Intelligence
Briefing, domain registry VeriSign on Tuesday warned that criminals
were employing more sophisticated tactics in response to
anti-phishing countermeasures.
VeriSign warned of an attempt to poison the Domain Name System,
or DNS, cache – one of the means to carry out a pharming attack.
The attack was indicated by a 300% increase in probes of DNS
servers, and coincided with users of certain web sites being
redirected to a malicious web site that distributed spyware and
adware.