The government is dealing with 20,000 ‘hostile' emails every month, with the Treasury facing an average of more than one attack per day.
Speaking at the Google Zeitgeist event, chancellor George Osborne said that the emails were sent by ‘hostile intelligence agencies' and in one instance, a legitimate email relating to the G20 was followed by an almost identical hostile replica.
While the emails caused no harm, Osborne commented that the level of attack makes the Treasury one of the most targeted departments across Whitehall. Osborne said: “To the recipient it would have looked like the attachment had been sent twice. Fortunately, our systems identified this attack and stopped it."
Orla Cox, senior security operations manager at Symantec, said: “Targeted attacks are increasingly common. Typically, these attacks originate through email and are sent from spoofed email accounts. The emails will typically include an attachment, usually .doc or .pdf, but may also include a link.
“The message body will use some form of social engineering to trick the user to click on the attachment or link. The attachment or remote site includes an exploit which is used to drop further malware, typically a backdoor program which allows the attacker access to the compromised machine.”
The government's cyber efforts were also hit last week by the resignation of security and counter terrorism minister Baroness Pauline Neville-Jones, who was replaced by Angela Browning as a home office minister.
Mark Darvill, director at AEP Networks, said: “It is absolutely critical that the government deploys the highest levels of security to protect itself and confidential data from compromise. Attacks on this frequency show that internet security is moving up the agenda for very good reason.
“The £650 million investment in a new National Cyber Security programme that the government made last year confirms the coalition's commitment to cyber security. What we now need to see is each and every government department ramp up its security measures to ensure they are fully robust in the face of attack.”
Rob Cotton, chief executive of NCC Group, said: “The hundreds of pre-planned attempts by hostile intelligence agencies to break into Treasury servers and the 20,000 malicious emails into government networks every month, show that any government who claims to be embracing the internet needs to place equal importance on security.
“Appointing an expert to focus on open data is all well and good. However, the government should arguably be investing more in tackling cyber crime, as this will pose serious threats for the future. Baroness Neville-Jones' appointment as special representative to business on cyber security last week was one step forward on this matter but the government must ensure that her role is not merely lip-service and that it makes a tangible difference to a very real problem.
“With the White House announcing its commitment and strategy for cyber space later today, we should be looking at the US and following suit as they face the problem head on.”
Richard Walters, CTO of Invictis, welcomed Osborne's ‘frankness' over the threat, saying that if big business is to fight this threat effectively we need to begin tackling the problem with greater transparency without playing into the hands of the hackers.“Thankfully this topic is moving up both the political and corporate agenda, but at the moment big business is playing second fiddle to government's cyber security initiatives. UK plc is starting to react to the newer highly targeted and sophisticated attacks but needs to do more and accept that it's not a problem that can be tackled with yet another box on the network,” he said.