Canada, Australia Echo U.K. Cyber Attack Warnings
Just hours after British cyber-security officials issued a highly unusual warning that hackers are launching targeted attacks against U.K. government agencies and high-profile British corporations, their counterparts in Canada and Australia issued similar alerts.
"These e-mails are typically sent to specific individuals, rather than the large, random distributions associated with phishing attacks or other Trojan activity," according to an alert issued by the Canadian Cyber Incident Response Center. "In addition, the e-mails use sophisticated social engineering to appear credible and entice users into opening the attachment or following the link."
As we reported Thursday, Britain's National Infrastructure Security Co-ordination Centre said hackers were devising increasingly sophisticated attacks that appear to be custom-made for each target, focusing on individuals who work with sensitive data with e-mails that appear to originate from trusted contacts, news agencies or government departments. The messages urge the reader to click on a link or attachment that attempts to download a "Trojan horse" program, which could allow hackers to take control of the reader's computer.
Late Thursday afternoon, the Canadian government issued a similar alert, saying it had received related reports of attacks focusing on Canadian companies.
The CCIRC said the "Trojans" are especially dangerous because they are designed to disable or circumvent antivirus and network firewall software. The agency said that in many cases, the Trojans went undetected by the latest version of any up-to-date anti-virus programs.
While the CCIRC said it has received few reports of such attacks in Canada compared with those in Britain and other nations, "the vulnerability of critical infrastructure networks to such an attack is significant." The alert added that the subject line, attachment and text of the e-mails in each case were crafted to appear relevant to the recipient's work, or may have been copied from a previous, legitimate communication sent by a member within the targeted organization.
Not to be outdone, the Australian Government Department of Defense called on government agencies, companies and those responsible for the country's critical infrastructure to heed the advice in the NISCC alert.
The U.S. Computer Emergency Readiness Team (USCERT) -- part of the Homeland Security Department -- has been notably silent about this whole development, perhaps because they have nothing to add. On a side note, it looks like they've redesigned their Web page to make it a bit tidier.
June 16, 2005; 10:19 PM ET
Categories: Latest Warnings
Save & Share: Previous: Britain's 'Critical Infrastructure' Under E-Mail Attack
Next: Adobe PDF Patch Plugs Data Leak Threat
Posted by: william Jay | June 20, 2005 10:47 PM | Report abuse
The comments to this entry are closed.