British Internet security officials issued a critical alert yesterday to warn UK governments, companies and individuals that they may be under a hacker attack.
The United Kingdom’s National Infrastructure Security Co-Ordination Centre (NISCC) reported that a series of Trojanized e-mail attacks is targeting people to covertly gather and transmit commercially and economically valuable information. The Trojans are received either in e-mail attachments or through links to Web sites.
The NISCC said the e-mails employ social engineering, including use of a spoofed sender address and information relevant to the recipient’s job interests to entice them to open the documents. Once installed on a user machine, Trojans may be used to obtain passwords, scan networks, exfiltrate information and launch further attacks.
“Unlike phishing attacks and e-mail worms, the attackers are specifically targeting governmental and commercial organizations,” the NISCC advisory reported. “Although they use similar methods, the attacks are distinct from incidents of industrial espionage recently reported in the press.”
A Threatening Trend
Ken Dunham, the director of malicious code research at iDefense, a Reston, Va.-based threat intelligence firm, told TechNewsWorld that these types of attacks have emerged as a threatening trend over the past 18 months.
Unlike opportunistic attacks that roam the Internet hoping to randomly victimize someone, targeted attacks like this one seek to gain entrance into a specific network or a specific person’s computer to obtain valuable information used to extort or steal.
“These are not widespread, easy-to-detect Trojans being spammed out to everybody. They are being sent to specific targets. That’s really the key difference,” Dunham said. “Targeted attacks are much more difficult to defend against because the attackers go through a lot more effort to deceive you.”
No Longer Child’s Play
Analysts said targeted attacks like this one are also much more dangerous than opportunistic attacks because hackers can gather so much personal information about an individual through Trojans.
Pick your poison, Dunham said. There are many ways to trick and infect a targeted individual, he stressed.
“This is not child’s play anymore,” Dunham said. “You might actually be the specific target of an attack. We are in an age where not only are there opportunistic script kiddies and people who are well organized to do bots, but there are also different hackers that go after specific targets. They might do that in a hacker-for-hire situation in their own black ops.”