Defence companies targeted in spear-phishing attack

British defence contractors are being targeted by a sophisticated campaign that uses specifically tailored malicious emails to try to gain access to their systems, according to Cabinet Office minister Francis Maude.

An information-sharing hub has revealed a campaign to break into defence contractors' systems via a tailored malicious email campaign, according to Cabinet Office minister Francis Maude. Photo credit: BIS

The 'spear-phishing' attacks came to light as a result of information sharing between business and government organisations, which was introduced as part of a new UK cybersecurity strategy in November, Maude said in speech on Thursday.

"The benefits of this [data-sharing] are already emerging," Maude told an audience at the International Centre for Defence Studies in Estonia. "In one case, our intelligence agency GCHQ learn[ed] of a significant campaign of malicious emails targeting UK defence companies which they duly alerted that community to."

A Cabinet Office spokesman was unable to give more details of the attacks on the defence sector, which is one of the five industries covered by the information-sharing hub overseen by GCHQ.

He did reveal that businesses in the other four sectors — telecoms, finance, pharmaceuticals and energy — are also now actively exchanging data on the cyberattacks they are suffering. "The hub has been set up and is effective," he told ZDNet UK.

The data-sharing hub is expected to move to full operational capability later this year and will expand to include other organisations. In his speech, Maude said the effort should eventually be directed by the private sector.

"Ultimately we want to see industry taking the lead on this important initiative, so it's led by industry for industry," he said.

Olympic Games

The minister, who has responsibility for cybersecurity, also spoke about risks to this summer's Olympic Games in London. The Games "will not be immune to cyberattacks", he said, echoing comments he has made in the run-up to the event.

"The Beijing Olympics saw 12 million cybersecurity incidents during their Olympics. We have rightly been preparing for some time — a dedicated unit will help guard the London Olympics against cyberattack — we are determined to have a safe and secure Games," Maude told the audience.

In addition, he noted that foreign spy agencies are making efforts to break into British government systems. "UK government networks continue to be regularly targeted by foreign intelligence agencies, or groups working on their behalf," he said.

As part of the government's response to cyberthreats, it is funding public education schemes to make sure people are aware of the risks. One initiative, Get Safe Online, has now been allocated £400,000 in funding, Maude announced. The money will come from £650m set aside for cybersecurity response, according to the Cabinet Office.