
Cyber Attack Hits European Commission

Malware was blamed for the "major" breach, launched on the eve of a summit focusing on euro instability, the war in Libya, and nuclear safety.

On Wednesday, a large cyber-attack was launched against the European Commission, mere hours before a two-day Brussels summit focused on the European debt crisis and Portugal, as well as the war in Libya and nuclear safety concerns.

"We're often hit by cyber attacks but this is a big one," an unnamed source told the BBC.

The attack targeted the European External Action Service (EEAS), which is the European Commission's foreign ministry and diplomatic corps. (The commission itself serves as the European Union's executive body.) According to an internal memo seen by EUObserver, "We have found evidence that both the commission and EEAS are the subject of an ongoing widespread cyber attack."

As a result, the European Commission -- which has launched an investigation -- advised all of its staff to change their passwords and use only secure email for sensitive communications. It also disabled the intranet as well as remote email access.

The commission has so far declined to provide more details about the attack, although EU spokesperson Antony Gravili told the AFP international news agency that the security breach stemmed from a malware incident, rather than being a targeted attack aimed at stealing financial secrets.

But the malware could indeed have been used as part of a targeted attack, said Rik Ferguson, director of security research and communication at Trend Micro, in a blog post. "Malware is simply one of the tools in the criminal and international espionage bag of tricks and making such a clear distinction before a thorough investigation has been completed may be counter-productive, to say the least."

Security experts said that the attack parallels an attack against the French finance ministry in December 2010, in which at least 150 out of 170,000 ministry computers were compromised. In that case, attackers were apparently gunning for economic information relating to a Group of 20 summit, which was held in Paris in February, and focused on global financial imbalances, including China's valuation of its currency.

One French official labeled the attack as "pure espionage."

"Hackers were able to break into the ministry's computers after emailing a malicious Trojan horse to users," said Graham Cluley, senior technology consultant at Sophos, in a blog post at the time. "Once the users were fooled into running the dangerous code, the hackers could access the computers remotely via a backdoor."

At the time, an anonymous official told the BBC that the stolen French information had been redirected to Web sites located in China, but that its final destination was unknown.
