Sidebar: U.K. Incidents Show Shift to Targeted Attacks

Computerworld - An ongoing series of e-mail attacks against computer systems in the U.K. highlights a trend in which cybercriminals are shifting away from mass-mailing worms and viruses and focusing on more targeted sets of victims.
The U.K.'s National Infrastructure Security Co-ordination Centre last week published a report saying that more than 300 government departments and businesses are being buffeted by attacks designed to covertly gather data.
Unlike tactics used in phishing attacks and the wide-scale mailing of e-mail worms, the attackers appear to be targeting individuals who they believe have access to privileged information, the report said. It added that the IP addresses and e-mail header information used in the messages suggest that the attacks are originating in the Far East.
The attacks involve the use of e-mails that contain Trojan horse programs or links to Web sites with Trojan horse files installed on them. Once the Trojan horses are installed on systems, they collect usernames, passwords and system information; scan disk drives; and upload documents and data to remote computers, the report said.
Many malicious hackers are starting to tailor their attacks to go after high-value targets, said Mark Sunner, chief technology officer at MessageLabs Ltd., a U.K.-based provider of e-mail security services.
"Certainly for the last few years, what everyone perceived to be the main issue was the mass-mailing worm," Sunner said. "But there does seem to be a new trend where e-mail viruses are being created with the express intention of getting into specific organizations."
The disclosure in the U.K. came just two weeks after police in Israel said they had uncovered a spy ring that allegedly used Trojan software to snoop into companies there .
"It doesn't surprise me at all that these sorts of attacks are possible," said Pete Lindstrom, an analyst at Spire Security LLC in Malvern, Pa. But the new threat shouldn't "bother any security professional worth his salt," Lindstrom added. Standard precautions such as updated antivirus signatures, attachment filtering and antispam measures should be enough to identify malicious messages and mitigate the risks, he said.