A report on Trojan email attacks against critical infrastructure systems in the UK highlights an emerging trend away from mass-mailing worms and viruses to far more targeted ones, analysts say.
On Thursday, the UK's National Infrastructure Security Co-Ordination Centre released a report disclosing that more than 300 government departments and businesses were targeted by a continuing series of email attacks designed to covertly gather sensitive and economically valuable information.
Unlike with phishing and mass-mailing worms, the attackers appear to be going after specific individuals who have access to commercially or economically privileged information, the report says.
The attacks involved the use of emails containing so-called trojan programs or links to websites containing trojan files. Once installed on a user's system, trojans covertly run in the background and perform a variety of functions, including collecting usernames, passwords and system information; scanning of drives; and uploading of documents and data to remote computers.
"The emails use social engineering to appear credible, with subject lines often referring to news articles that would be of interest to the recipient," the report says. "In fact, they are 'spoofed', making them appear to originate from trusted contacts, news agencies or government departments."
The report highlights how hackers are starting to tailor their attacks and go after specific high-value targets instead of simply launching mass-mailing worms and viruses, says Mark Sunner, chief technology officer at MessageLabs, a provider of email security services.
"Certainly for the last few years, what everyone perceived to be the main issue was the mass-mailing worm," Sunner says. "But there does seem to be a new trend where email viruses are being created with the express intention of getting into specific organisations and planting trojans or keystroke loggers," he said. Over the past year, MessageLabs has been intercepting a growing number of such emails, he says.
Another big message here is that "information theft is becoming one of the major aims of people writing these email trojans", says Richard Wang, manager of Sophos, a vendor of antivirus products.. "The vast majority of the Trojans mentioned in the NISCC paper are Trojans that are used to steal information."
But organisations that follow long-established best practices related to email security should not have a hard time dealing with these threats, says Pete Lindstrom, an analyst at Spire Security.
"It doesn't surprise me at all that these sorts of attacks are possible," Lindstrom says. Government agencies especially have lots of published email addresses, he says. "Because email spoofing is so simple, there is no reason not to try these attacks using phishing and other techniques," he says.
But the trend toward targeted email attacks shouldn't "bother any security professional worth his salt", Lindstrom adds. Standard precautions such as updated antivirus signature, attachment filtering and antispam measures should be enough to identify and mitigate risk.