The UK's National Infrastructure Security Co-ordination Centre has put businesses on red alert over a rising tide of e-mail-borne electronic attacks aimed at capturing sensitive commercial information.
The usually covert NISCC broke cover today to issue the warning to the UK business community after fending off a sustained attack on parts of the UK’s 'Critical National Infrastructure'.
While the majority of the observed attacks have been against central Government, other UK organisations, such as financial services companies, are also at risk.
In a briefing paper, NISCC says the electronic attacks have been underway for a significant period of time, with a recent increase in sophistication. They use unsolicited emails containing malicious Trojan malware, which enables remote attackers to wrest control of infected machines.
The UK body says the incursions are distinct from the usual attempts to transfer funds online and are instead aimed at stealing privileged information. The attacks, which appear to originate in the Far East, normally focus on individuals who have jobs working with commercially or economically sensitive data.
NISCC says a number of open source and bespoke trojans, altered to avoid antivirus detection, have been used. The trojans often communicate back to the attackers using standard application ports (for example TCP port 80, used for Web traffic), making it difficult to detect the data they send and receive amongst legitimate network traffic. Firewalls that allow access to these outbound ports will not block such data.
The agency says focus should be placed on securing computers handling sensitive information in areas such as commercial contracts, R&D, IPR, etc., as well as servers handling email addresses and passwords, as these are most likely to be targeted.
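
The point above about trojan traffic on TCP port 80 passing a port-based firewall, shown as an added example that is not from NISCC or the original article: a port-only rule followed by a protocol check over constructed flow records. The addresses, the allowed-port set and the function names are assumptions, and traffic wrapped in well-formed HTTP would pass this check as well.

```python
import re

# Assumption: outbound ports a perimeter firewall permits for web browsing.
ALLOWED_OUTBOUND_PORTS = {80, 443}

# An HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x CRLF
REQUEST_LINE = re.compile(rb"^[A-Z]{3,10} [!-~]+ HTTP/1\.[01]\r\n")

# Constructed sample flows: (internal host, destination, dest port, first payload bytes)
SAMPLE_FLOWS = [
    ("10.0.5.21", "203.0.113.10", 80,
     b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.0.5.22", "198.51.100.7", 80,
     b"\x00\x00\x01\x8a\x7f\x13\x02\x00\x9c\xe1"),          # not HTTP at all
    ("10.0.5.23", "198.51.100.9", 6667, b"NICK test\r\n"),  # port not allowed
    ("10.0.5.24", "203.0.113.44", 80,
     b"POST /upload HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]


def firewall_allows(dport):
    """Port-only decision: the payload is never inspected."""
    return dport in ALLOWED_OUTBOUND_PORTS


def is_http_request(payload):
    """True if the first bytes form a syntactically valid HTTP/1.x request line."""
    return REQUEST_LINE.match(payload) is not None


def triage(flows):
    """Return (src, dst) pairs that passed the port rule on TCP 80 but are not HTTP."""
    suspicious = []
    for src, dst, dport, payload in flows:
        if not firewall_allows(dport):
            continue  # dropped at the firewall, nothing left to review
        if dport == 80 and not is_http_request(payload):
            suspicious.append((src, dst))
    return suspicious


if __name__ == "__main__":
    for src, dst in triage(SAMPLE_FLOWS):
        print(f"review: {src} -> {dst}:80 carried non-HTTP data")
```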