The UK has found itself once again among the top five most targeted countries in EMEA during the first half of the year, as malware attacks doubled in the region over six months, according to FireEye.
The security vendor’s Regional Advanced Threat Report for EMEA revealed that the majority of major attacks on UK organizations featured the StickyFingers/Quickball malware.
This DLL backdoor is associated with Chinese advanced persistent threat groups such as APT18 and APT26, which use it to obtain a reverse shell on compromised machines, according to FireEye.
The top three UK industries hit by attackers, in descending order, were education, energy/utilities and financial services. Between them, these three sectors accounted for 68% of all attacks during the first six months of the year.
However, despite the overall increase in malware, the UK actually dropped one place from last year to fifth in terms of the volume of APT malware detected.
How firms deal with the fallout from a cyber-attack is almost as important as preventing it, since a well-handled response is what gets them back to normal operations as soon as possible.
FireEye’s advice to organizations is to bring in APT-hunting tools as well as external threat intelligence to understand who may be interested in attacking them.
However, a determined attacker will always be able to get through defenses eventually, so CISOs should assume they have already been compromised.
Given this, it’s important to establish a “cyber risk framework” with board-level sponsorship, and an incident response team to “detect and react” quickly to any APT-style attack.
Overall, the top three verticals in EMEA hit by APT attacks varied somewhat from the situation in the UK: energy, government, and aerospace.
In terms of countries, Israel and Saudi Arabia topped the list of most targeted nations, each accounting for 11% of APT malware in the first half of the year.
Next came Spain and Germany (both 10%) and then the UK (9%).
FireEye security expert, Jens Monrad, explained that hackers may target educational institutions for several reasons: as a “staging ground” from which to launch operations against other industries; to access sensitive IP; or even to steal personal and financial information from students and staff.
“Higher education institutions, especially those conducting research programs in areas with potentially high economic payoff, or those supporting sensitive government contracts, will face ongoing risks associated with APT groups,” he told Infosecurity.
“These threat groups are also likely to continue seeking to compromise academic networks to mask and proxy their activities against secondary targets.”