Defense, energy, banks hit by Internet Explorer bug

May 2, 2014: 12:15 PM ET
operation clandestine fox
The cyber offensive nicknamed "Operation Clandestine Fox" is being used to attack PCs.
NEW YORK (CNNMoney)

Hackers have attacked the government agencies, defense contractors, energy companies and banks by exploiting the software flaw in Internet Explorer.

That's according to FireEye (FEYE), the cybersecurity firm that revealed the software flaw last week. The company discovered that hackers took advantage of a bug in the Internet Explorer Web browser to secretly take control of computers.

The cyber offensive has been dubbed "Operation Clandestine Fox," and affects all versions of Microsoft's (MSFT) Web browser.

Microsoft has issued a fix, but FireEye's announcement on Thursday showed there are already victims. FireEye also spotted that hackers are now specifically targeting older computers running on the outdated Windows XP operating system and those using the Internet Explorer 8 version of the browser.

Among those still using Windows XP are the Defense Department, the IRS, and bank ATMs. That's a problem, because Microsoft (MSFT) has taken its 12-year-old operating system off life-support, ceasing security updates (although it did, in this case, apply an update to Windows XP).

Consider this a wake-up call.

It's easy to ignore Internet security scares, especially when there's a deluge of news about them. In the month of April alone, we were bombarded with news about the pervasive Heartbleed bug, a massive AOL hack and the Internet Explorer glitch.

But there are real world consequences. The Heartbleed bug was used to steal personal information of Canadian taxpayers. The AOL (AOL) hack led to a flood of spam (that could link to infected websites.)

An attack like Clandestine Fox is of the more serious variety -- a cyber reconnaissance mission by a foreign government that reveals weaknesses in industries crucial to the United States' economy, defenses and power. It targeted power plants, banks, government agencies and military technology, which is essentially a precursor for war, said David Kennedy, CEO of security consulting firm TrustedSec.

"They're going after the core critical infrastructure of the United States, so in the event of a war, they can take it down," Kennedy said. "The scary part is that the financial sector and energy are extremely vulnerable."

Internet Explorer bug worst for Windows XP

A typical power plant, for example, makes expensive investments on equipment that's meant to last decades. It's common to find 1970s-era software on turbines, Kennedy said. That's a danger.

"When you have old technology, the defenses they made back then aren't adequate today," he said.

FireEye wouldn't say who is launching the attack, but offensives of this nature are typically conducted by foreign governments. In the past, cybersecurity firms have pointed to China and Iran.


Search for Jobs