Critical Infrastructure encounters the most web malware, report

Critical infrastructure organizations, such as those in the energy, oil, pharmaceutical and chemical sectors, encountered at least twice as much web malware as other organizations during 2009, according to web security firm ScanSafe.

More than any other verticals, the energy and oil sectors were pummeled with the greatest amount of data-theft trojans last year, according to ScanSafe's "Annual Global Threat Report 2009," released Thursday. Energy and oil companies experienced a 356 percent higher rate of direct encounters with data-theft trojans compared to other verticals, the report said. Also, those in the pharmaceutical and chemical sectors encountered 322 percent more information-stealing malware compared to other verticals.

The data came from more than one trillion web requests processed last year by ScanSafe's Threat Center.

Data-theft trojans are the most silent and surreptitious of all malware, said Mary Landesman, senior security researcher at ScanSafe.

“The data-theft trojans have a vast array of capabilities that attackers can turn on at whim,” Landesman said on Wednesday. “What they enable is entirely dependent upon how interesting that particular victim is.”

Most data-theft trojans give attackers the ability to harvest information from a victim, Landesman said. They can be used to log keystrokes, capture screenshots, manually scan drives for sensitive information — and then send collected data to the attackers. Depending on what options are enabled, the trojan could give attackers full access to a user's system.

“A few years ago, the security community was talking about insider threat,” Landesman said. “The difference today is the malware is now your digital insider. You now have a spy on the inside in the form of these binaries sloughing out sensitive information.”

Those in government, banking and finance sectors also saw more web malware than other verticals during 2009, the report said. Government organizations encountered 252 percent more data-theft trojans than other verticals, while the banking sector saw 204 percent more.

Attacks such as the recent Operation Aurora — which leveraged a previously unknown Internet Explorer vulnerability to install data-stealing malware on target machines at Google, Adobe and more than 30 other large companies — are not uncommon, Landesman said.

“These are the sorts of threats being delivered by the web and targeting highly sensitive companies on a routine basis,” Landesman said.  

A separate report, issued by McAfee in January, found that the risk of cyberattacks on critical infrastructure systems is rising. That report, based on the responses of 600 IT security executives working at critical infrastructure organizations worldwide, found that 80 percent of respondents expect a major cybersecurity incident to cause an outage of at least 24 hours or loss of life within the next five years.
