
Web malware, more advanced and targeted than ever

End users working in the energy and oil sector are most at risk of succumbing to web malware, according to ScanSafe's annual threat report released this week.

Based on an analysis of 200 billion web requests processed by the security company on behalf of its worldwide customer base, the top five verticals most susceptible to web malware infection were energy and oil; pharmaceutical and chemical; engineering and construction; transportation and shipping; and travel and entertainment.

Mary Landesman, ScanSafe's senior security researcher, told SCMagazineUS.com on Wednesday that this is likely attributable to the vast amounts of intellectual property stored by those sectors. Thus, an attacker who can steal data may be able to handsomely profit by, say, selling the goods to a competitor.

In total, incidents of web malware infection surged 582 percent last year, with significant rises visible toward the end of 2008, correlating with the worsening economy, Landesman said. Most users were infected by visiting a website that contained a malicious IFRAME or source reference, which initiated an exploit of a vulnerability, usually in Adobe Flash or Reader, she said. Data-theft trojans, meanwhile, rose 1,559 percent last year, the report showed. Landesman said job losses and general uncertainty may be attracting more people to cybercrime.

She added that the trojans ScanSafe analyzed were highly customizable, meaning they could be configured to launch attacks such as address resolution protocol (ARP) poisoning. ARP poisoning is a man-in-the-middle attack in which a compromised machine will claim to be a target device – for instance, a printer – and any traffic sent to that IP address in good faith is delivered to the attacker.
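The ARP poisoning behavior described above leaves a visible trace on the local network: an IP address that was answered for by one hardware address is suddenly claimed by another. The following detection sketch is an added example, not code from ScanSafe or its report; the addresses, the sample observations and the function name `find_arp_conflicts` are constructed for illustration, and it assumes the first MAC seen for an IP is the legitimate one.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) read from ARP replies.
# 10.0.0.50 stands in for the printer; the MAC ending :66 is the compromised host.
SAMPLE_ARP_REPLIES = [
    (0.0, "10.0.0.1", "00:11:22:33:44:01"),
    (1.0, "10.0.0.50", "00:11:22:33:44:50"),
    (2.0, "10.0.0.23", "00:11:22:33:44:66"),
    (30.0, "10.0.0.50", "00:11:22:33:44:66"),
    (31.0, "10.0.0.50", "00:11:22:33:44:66"),
    (60.0, "10.0.0.1", "00:11:22:33:44:01"),
]


def find_arp_conflicts(replies):
    """Return one alert per (IP, MAC) pair that contradicts the first binding seen."""
    first_seen = {}             # ip -> MAC that first claimed it (assumed legitimate)
    mac_ips = defaultdict(set)  # mac -> every IP that MAC has claimed so far
    reported = set()            # (ip, mac) pairs already alerted on
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        mac_ips[mac].add(ip)
        known = first_seen.setdefault(ip, mac)
        if mac != known and (ip, mac) not in reported:
            reported.add((ip, mac))
            alerts.append({
                "time": ts,
                "ip": ip,
                "expected_mac": known,
                "claimed_mac": mac,
                # Other addresses the claiming MAC answers for; these point
                # to the host that is impersonating the device.
                "claimant_other_ips": sorted(mac_ips[mac] - {ip}),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_arp_conflicts(SAMPLE_ARP_REPLIES):
        print(alert)
```

Legitimate events such as a DHCP lease moving to a new machine or a replaced network card produce the same signal, so alerts need to be checked against known address changes.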
