Attacks/Breaches
3/25/2011
01:53 PM
50%
50%

Cyber Attack Hits European Commission

Malware was blamed for the "major" breach, launched on the eve of a summit focusing on euro instability, the war in Libya, and nuclear safety.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
On Wednesday, a large cyber-attack was launched against the European Commission, mere hours before a two-day Brussels summit focused on the European debt crisis and Portugal, as well as the war in Libya and nuclear safety concerns.

"We're often hit by cyber attacks but this is a big one," an unnamed source told the BBC.

The attack targeted the European External Action Service (EEAS), which is the European Commission's foreign ministry and diplomatic corps. (The commission itself serves as the European Union's executive body.) According to an internal memo seen by EUObserver, "We have found evidence that both the commission and EEAS are the subject of an ongoing widespread cyber attack."

As a result, the European Commission -- which has launched an investigation -- advised all of its staff to change their passwords and use only secure email for sensitive communications. It also disabled the intranet as well as remote email access.

The commission has so far declined to provide more details about the attack, although EU spokesperson Antony Gravili told the AFP international news agency that the security breach stemmed from a malware incident, rather than being a targeted attack aimed at stealing financial secrets.

But the malware could indeed have been used as part of a targeted attack, said Rik Ferguson, director of security research and communication at Trend Micro, in a blog post. "Malware is simply one of the tools in the criminal and international espionage bag of tricks and making such a clear distinction before a thorough investigation has been completed may be counter-productive, to say the least."

Security experts said that the attack parallels an attack against the French finance ministry in December 2010, in which at least 150 out of 170,000 ministry computers were compromised. In that case, attackers were apparently gunning for economic information relating to a Group of 20 summit, which was held in Paris in February, and focused on global financial imbalances, including China's valuation of its currency.

One French official labeled the attack as "pure espionage."

"Hackers were able to break into the ministry's computers after emailing a malicious Trojan horse to users," said Graham Cluley, senior technology consultant at Sophos, in a blog post at the time. "Once the users were fooled into running the dangerous code, the hackers could access the computers remotely via a backdoor."

At the time, an anonymous official told the BBC that the stolen French information had been redirected to Web sites located in China, but that its final destination was unknown.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: nice one good
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas in a thought-provoking discussion about the evolving role of the CISO.