According to a recent report, senior government officials have warned businesses that foreign intelligence services are using sophisticated electronic attacks to steal sensitive financial and technological secrets, using a combination of traditional email phishing attacks, infecting systems with trojans via USB flash drives as well as social engineering methods.
It appears that overseas intelligence agencies have been engaged in economic espionage, targeting UK firms for technical information and details of contract bids from large firms. The National Infrastructure Security Co-ordination Centre (NISCC) said these attacks have increased substantially over the past 12 months.
Officials believe that overseas intelligence agencies are investing significant resources in targeting people in an organisation who have access to the data they want. “They use social engineering techniques to trick staff into opening e-mails, or use USB memory sticks to infect computers with hacking tools”, the NISCC said.
Intelligence officials have identified attacks against businesses by monitoring news reports for information that has been leaked about firms and matching the leaks against computer security logs.
These attacks are not just affecting the UK, Allan Paller, director of US security advisory organisation the Sans Institute, said evidence from the US showed that foreign intelligence services had recently penetrated US government computer systems using similar endpoint techniques.
Paller is advising businesses to respond to threats by carrying out mock endpoint security attacks within their organisations to help test and educate staff.
Sources:
NISCC
ComputerWeekly
