Network News

X My Profile
View More Activity

Canada, Australia Echo U.K. Cyber Attack Warnings

Just hours after British cyber-security officials issued a highly unusual warning that hackers are launching targeted attacks against U.K. government agencies and high-profile British corporations, their counterparts in Canada and Australia issued similar alerts.

"These e-mails are typically sent to specific individuals, rather than the large, random distributions associated with phishing attacks or other Trojan activity," according to an alert issued by the Canadian Cyber Incident Response Center. "In addition, the e-mails use sophisticated social engineering to appear credible and entice users into opening the attachment or following the link."

As we reported Thursday, Britain's National Infrastructure Security Co-ordination Centre said hackers were devising increasingly sophisticated attacks that appear to be custom-made for each target, focusing on individuals who work with sensitive data with e-mails that appear to originate from trusted contacts, news agencies or government departments. The messages urge the reader to click on a link or attachment that attempts to download a "Trojan horse" program, which could allow hackers to take control of the reader's computer.

Late Thursday afternoon, the Canadian government issued a similar alert, saying it had received related reports of attacks focusing on Canadian companies.

The CCIRC said the "Trojans" are especially dangerous because they are designed to disable or circumvent antivirus and network firewall software. The agency said that in many cases, the Trojans went undetected by the latest version of any up-to-date anti-virus programs.

While the CCIRC said it has received few reports of such attacks in Canada compared with those in Britain and other nations, "the vulnerability of critical infrastructure networks to such an attack is significant." The alert added that the subject line, attachment and text of the e-mails in each case were crafted to appear relevant to the recipient's work, or may have been copied from a previous, legitimate communication sent by a member within the targeted organization.

Not to be outdone, the Australian Government Department of Defense called on government agencies, companies and those responsible for the country's critical infrastructure to heed the advice in the NISCC alert.

The U.S. Computer Emergency Readiness Team (USCERT) -- part of the Homeland Security Department -- has been notably silent about this whole development, perhaps because they have nothing to add. On a side note, it looks like they've redesigned their Web page to make it a bit tidier.

By Brian Krebs  |  June 16, 2005; 10:19 PM ET
Categories:  Latest Warnings  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Britain's 'Critical Infrastructure' Under E-Mail Attack
Next: Adobe PDF Patch Plugs Data Leak Threat

Comments

the time and money spent on fighting such
attacks would be better spent on tracking
down the attachers and removing there hands. Their use of the keyboard would end. Such methods have been effective in the ny nj area

Posted by: william Jay | June 20, 2005 10:47 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company