
Government and infrastructure tops hacking league

Big Brother gets pwned.

Cybercriminals are now aggressively targeting government and critical infrastructure companies, a review of malware and attack patterns over the last year has found.

While the core takeaways in ScanSafe's Annual Global Threat Report won't surprise anyone at a time of high-profile controversy over attacks on governments, the statistics put some flesh on a problem that does seem to have suddenly got markedly worse.

In 2009, ScanSafe's analysis of the traffic passing through its security-as-a-service filters showed a 252 percent growth in attacks on government, a 204 percent growth in attacks on banking and finance, a 322 percent growth in attacks on pharmaceutical and chemical, and a 356 percent growth in attacks on the critical oil and energy sectors. These rises are way above those seen for other sectors.

The channels used to carry out these attacks are remarkably concentrated. Forty-five percent of web-based attacks in 2009 arrived through iFrame vulnerabilities of the sort that indicate hacked websites, with malicious Adobe PDF files implicated somewhere in the chain in an astounding 80 percent of web attacks by the fourth quarter of the year.

According to ScanSafe, this is down to an unusual combination of multiple exploitable vulnerabilities being found in a program which also happens to be ubiquitous in the businesses being targeted.

"Consumer credit card details are child's play compared to the value of infrastructure and intellectual data from these sensitive verticals. The message is clear - cyberwar is already here," said ScanSafe senior security researcher, Mary Landesman.

The most active botnet for the year turned out to be Gumblar, with 14 percent of traffic, way ahead of Asprox with 2 percent and Zeus with 1 percent. The frequency does not necessarily indicate the viciousness of the botnet, however, which can be used to deliver a variety of payloads over time, some more serious, some less so.

ScanSafe naturally sees its cloud model as more effective than the rival solution, which is to put antivirus software on each computer and rely mainly on signature updates. Through the year, 27 percent of the malware it saw was 'undetectable' using such defence, ScanSafe claims.

The bottom line for verticals and government is to assess the usefulness of programs such as Adobe's PDF Reader, Flash plug-ins for all types of browsers, and obsolete browsers such as Internet Explorer 6 and 7. Obvious suggestions include disabling JavaScript in Acrobat Reader, banning browser plug-ins by default, and making it harder for users to browse beyond a carefully defined group of websites. This could soon be the minimum line of defence.

ScanSafe was bought by Cisco in October last year.





