Online Malware Goes Vertical

By Matthew Hines  |  Posted 2008-11-17 Print this article Print

Web-based malware attacks are increasingly being targeted at specific vertical markets, security researchers contend, with certain sectors finding themselves in the crosshairs far more frequently these days and a growth in the volume of threats being aimed at many industries now drastically outpacing attacks on the long-beleaguered financial services segment.

According to a recent report issued by security filtering specialist ScanSafe, a number of infrastructure and heavy industry markets are now seeing the pace of malware attacks targeted at their operations take off as cyber-criminals move beyond the banking and investment verticals seeking new victims for their assaults.

After tracking the volume of online threats being distributed to 21 individual segments over the first nine months of 2008, ScanSafe found that the energy and oil, pharmaceutical and chemical, engineering and construction, transportation and shipping, and travel and leisure industries are now experiencing the most rapid growth in attacks, in that order.

While the researchers had initially expected to find that verticals with the highest numbers of Web users would lead the rankings, ScanSafe found that markets that retain control over strategic assets such as critical infrastructure are actually seeing the greatest leap in attacks.

"We entered into this analysis with the broad assumption that Web malware exposure was likely related to user surfing habits," Mary Landesman, senior security researcher at ScanSafe, said in a report summary. "With that in mind, we fully expected to see research-intensive verticals such as Media & Publishing or Education move to the forefront of exposure risk. We were concerned to find that the industries consistently encountering the highest rate of Web-delivered malware are not typical industries, but rather industries that can have critical bearing on infrastructure and intellectual property rights."

The specific growth rates for the five vertical industries experiencing the greatest increase in Web-delivered malware attacks were:

-Energy & Oil - 156 percent

-Pharmaceutical & Chemical - 152 percent -Engineering & Construction - 116 percent -Transportation & Shipping - 96 percent

-Travel & Leisure - 44 percent

Energy and oil companies are specifically being targeted with high numbers of password-stealing programs and backdoor threats, the researchers said.

As other recent reports looking at the security climate throughout infrastructure markets have concluded, those types of businesses are drawing a significant amount of interest from attackers, pointing to the potential for catastrophic incidents if criminals, terrorists or foreign agents could infiltrate such operations and take critical systems offline.

"Given the sensitive nature of these industries and the serious risks posed by backdoors and password stealers, it is rather unnerving to see Energy & Oil positioned in the top three most at-risk sectors," Landesman said.

The most popular breeds of attacks across all the verticals tracked by ScanSafe were malicious iframe and source reference threats implanted on compromised Web sites.

The most common exploits attempting to be delivered by the attacks were those targeting Adobe's Flash and Reader applications, ScanSafe said.

Among the other findings included in the report:

-The volume of Web-borne malware is increasing at a rate of approximately 6 percent per month, but the rate of exposure to that malware is increasing at a rate of approximately 16 percent per month.

-Some 28 percent of all Web-based malware samples aimed at the Pharmaceutical & Chemicals sector were for zero-day malware encounters. Engineering & Construction had the second highest rate of zero-day malware encounters at 21 percent, followed by Aviation & Automotive at 20 percent. The average rate of zero-day malware exposure across all verticals was 14 percent. The average rate for all ScanSafe customers is 18 percent.

-Exploits of vulnerabilities in Adobe Flash (SWF) and Adobe Reader (PDF) were the most commonly encountered, representing 83 percent and 13 percent, respectively, of all detected third-party application exploits. Apple QuickTime was third at 3 percent followed by Microsoft PowerPoint at less than 1 percent.

-At +135 percent of the median rate, Transportation & Shipping had the highest rate of encounters with compromised Web sites, followed by Pharmaceutical & Chemical at 103 percent.

-Banking & Finance had the highest rate of exposure to Web-delivered Flash exploits at a rate of 3 percent of all Web-based malware attacks (or 23 percent of all attacks related specifically to third-party application exploits).

-With a +1138 percent variance, exposure to backdoors and password stealers was exceptionally higher in the Pharmaceutical & Chemicals sector. Energy & Oil was second highest with a +342 percent variance, followed by IT & Telecommunications at 262 percent.

-Energy & Oil companies encountered unique variants of password stealers and backdoors at a much higher rate than other verticals. During the reporting period, Energy & Oil encountered 213 unique variants of this class of malware, compared with the average of 58 unique variants for all verticals.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel