Critical infrastructure providers in the UK are being targeted by Trojans. This week the NISCC (National Infrastructure Security Co-ordination Centre) warned that the email attacks were designed to steal sensitive information, such as passwords and documents.
Tailored attacks against UK government departments, businesses and other important organisations have been occurring for a significant period of time, but according to the NISCC they have recently become more sophisticated.
The emails arrive with attachments containing so-called Trojan horse viruses, or links to websites that host Trojan files. A Trojan is an attack in which malicious code is hidden in a seemingly harmless file. Trojans allow virus writers to gather information and remotely control infected systems.
The email subject headings have been written to appeal to recipients, often referring to recent news articles, an NISCC briefing paper said. Attacks normally focus on individuals working with commercially or economically sensitive data, it added.
The subject headers and IP (internet protocol) addresses of the emails suggest they are being sent from the Far East, according to the NISCC.
Over 300 UK government departments and businesses have been targeted in the attacks, according to antivirus firm Sophos, which has been working with the NISCC to identify the threats.
The NISCC has not revealed the specific target organisations, and it is unclear whether information has already been stolen, said Sophos security consultant Carole Theriault.
However, the NISCC said that systems compromised by the attacks pose a threat to the confidentiality, integrity and availability of stored data.
"They probably saw these Trojans, panicked and wanted to inform the public of it," Theriault said.
Aside from being directed at government departments, the Trojans aren't all that different from the email threats detected by researchers every day, according to Theriault. An increasing number of attacks target specific types of users, and many have the ability to steal information and open backdoor capabilities, she said.
Still, the NISCC warning could serve to make computer users more aware of the sophistication and prevalence of new types of email attacks.
The NISCC advised possible recipients to update their antivirus software. It advised administrators to examine the firewall logs of critical systems for anomalous IP addresses, and review mail server access logs for evidence of connections from unusual addresses.
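As an illustration of the log review described above, the following added example (not from the NISCC or the article) compares the source networks seen in a mail server access log against an earlier baseline period and reports networks that are new. The log line format, the /24 grouping and all sample lines are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in an assumed format: "<timestamp> connect from <ip>".
# Addresses are taken from the RFC 5737 documentation ranges.
BASELINE_LOG = """\
2005-06-01T09:12:01 connect from 192.0.2.10
2005-06-01T09:15:44 connect from 192.0.2.77
2005-06-02T11:02:13 connect from 198.51.100.5
not a connection line
"""
REVIEW_LOG = """\
2005-06-16T08:59:30 connect from 192.0.2.31
2005-06-16T09:01:02 connect from 203.0.113.8
2005-06-16T09:01:05 connect from 203.0.113.9
2005-06-16T09:04:51 connect from 999.1.1.1
"""

CONNECT_RE = re.compile(r"connect from (\S+)")


def source_networks(log_text, prefix=24):
    """Count connections per IPv4 source network; skip lines that do not parse."""
    counts = Counter()
    for line in log_text.splitlines():
        match = CONNECT_RE.search(line)
        if not match:
            continue
        try:
            addr = ipaddress.IPv4Address(match.group(1))
        except ValueError:
            continue  # malformed address field, e.g. 999.1.1.1
        # Group by network so one new host in a familiar range is not flagged.
        counts[ipaddress.ip_network(f"{addr}/{prefix}", strict=False)] += 1
    return counts


def unusual_sources(baseline_text, review_text, prefix=24):
    """Return {network: connection count} for networks absent from the baseline."""
    known = set(source_networks(baseline_text, prefix))
    seen = source_networks(review_text, prefix)
    return {str(net): n for net, n in seen.items() if net not in known}


if __name__ == "__main__":
    for net, n in sorted(unusual_sources(BASELINE_LOG, REVIEW_LOG).items()):
        print(f"{net}\t{n} connection(s) from a network not in the baseline")
```

The same comparison applies to firewall logs once the source address field is extracted; a flagged network is a prompt for review, not proof of compromise.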
Further information about detecting and mitigating threats can be found at www.niscc.gov.uk/niscc/index-en.html.