
Malware designed to steal IDs increased 600 percent

The number of users victimized by malware specifically intended to rob personally identifiable information (PII) leapt 600 percent this year compared to the same period in 2008, according to a report released on Thursday by PandaLabs, a division of Bilbao, Spain-based Panda Security.


Writing on the PandaLabs blog, Luis Corrons, PandaLabs' director, said that of the nearly 37,000 samples of new viruses, worms, trojans and other types of internet threats PandaLabs receives each day, 71 percent are trojans, the majority of which are intended to siphon bank details or credit card numbers, as well as passwords for other commercial services.

"Between January and July 2009, PandaLabs received 11 million new threats, approximately eight million of which were trojans," he wrote. "This is in clear contrast, for example, to the average of 51 percent of new trojans that PandaLabs received in 2007."

The lab estimates that three percent of all computer users have fallen victim to these techniques, he said. But, unlike traditional viruses of the past, Corrons said these types of threats present a new challenge: They are programmed to remain invisible, so that computer users are unaware their machines have become infected.


"What we're seeing is the natural progression of intelligence among hackers," Gary Palgon, vice president, product management, nuBridges, said on Thursday in an email. "For many years, perimeter-based security, such as firewalls, prevented the bad guys from getting into enterprises. Now that they have found ways to breach those, they figure out how to breach the applications themselves and gain access to the data," he said.

In the most recent data breaches, such as those at Heartland and Hannaford, for which Albert Gonzalez was indicted this week, cybercriminals are using SQL injections to get through application “boundaries” and then planting malware, said Palgon. The result? Unfettered access.

"It's no different for other types of sensitive data either," he said. "Once the malware is in, it often sits undetected, easily gathering the data as it moves."

Malware is often undetected for long periods of time, added Palgon. "With many ways to breach perimeter security, it has become easier for criminals to embed malware in either centralized or distributed locations within an enterprise network."


Palgon advised that the only sure way to prevent data leakage is to continue the layered approach to security. "But be sure to secure all the way down to the core – the data itself," he said. "Without encrypting the data and rendering it useless to those that should not have access, there are bound to be more thefts of sensitive data."

