High-Profile Verticals Hammered with Malware Attacks

By Matthew Hines  |  Posted 2010-02-18

We've known for years that industries that control large amounts of highly sensitive data (financial services) and/or assets (utilities) have been sitting squarely in cyber-attackers' sights, as the threats tend to go where the money and power (quite literally) are there for the taking.

In the case of industries where organizations retain huge volumes of data that cyber-criminals can easily turn into ill-gotten profits (e-banking, e-commerce), the condition has traditionally been far worse, but as we've learned over the last year in particular, critical infrastructure industries such as the U.S. electrical grid have also become an area of focus.

Another area of interest on the part of attackers has been any industry that holds loads of highly valuable intellectual property, such as pharmaceuticals, consumer products and hi-tech.

But even though we've known about much of this industrial orientation of threats through reported attacks and the avalanche of financially driven malware and cyber-crime, there has been little published research that calls out the specific challenges faced by individual verticals (save maybe within the financial services industry itself).

However, for the second year in a row, as part of its Annual Global Threat Report, published this week, researchers with SaaS security filtering specialist ScanSafe (now owned by networking giant Cisco) have focused their research efforts in part on calling out vertical trends. And the results are pretty scary.

According to the most recent report, which covers a wide range of different malware trends that played out in 2009, companies in highly sensitive verticals such as the financial and utilities sectors are indeed experiencing a much higher rate of Web-borne Trojan data theft attacks than organizations in other industries.

For instance, ScanSafe contends that Energy & Oil companies experienced a 3.5 times higher rate of Trojan malware attacks compared to all other verticals that it researched. Companies in the Pharmaceutical and Chemical sector, which retain extremely valuable intellectual property sought by rivals around the globe, experienced a 3.2 times higher rate of Trojan attacks, which ScanSafe ranks as the most dangerous breed of malware.

Even more startling, the Energy & Oil segment experienced a 356 percent greater rate of Trojan attacks than all other verticals in 2009.

ScanSafe, which based its conclusions on the number of attacks that it observed being aimed at its customers, said that the Pharmaceutical & Chemical industry and the Energy & Oil sector also saw much higher volumes of password-stealing programs and backdoor attacks during 2009 than other segments. The specific rates of these attacks for the two industries were in fact 14 times and 11 times higher than the average for other verticals, respectively.

"The higher rate of encounters with unique variants is likely indicative of greater targeting of these segments, as attackers typically introduce new variants in an attempt to evade malware detection," ScanSafe researchers said.

As for government, organizations in that segment were hit with 2.5 times more Trojan attacks online than all other industries. However, in a nod to the ubiquity of the threats being trained on the vertical, the government segment saw a 25 percent lower than average rate of unique campaigns.

On the flip side, the Banking & Finance sector experienced a data theft Trojan attack rate that was 204 percent higher than average, according to the report. And for these companies that hold the money, innovation on the part of attackers was the norm, as the rate of unique Trojans the sector absorbed was 211 percent higher than the norm for all the industries ScanSafe tracked combined.

Based on the report we can conclude that attacks do indeed follow the money, and increasingly the power as well. What that means for the future is unclear, but it certainly seems pretty scary.


Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.
