Energy companies targeted by Web-borne malware

Published 24 October 2008

New report says the energy companies experienced more Web-based malware attacks than any other vertical market in the third quarter of this year, with an increased rate of exposure of 189 percent

This cannot be good news for the energy sector: Energy companies have a nearly 200 percent rate of being hit with Web-borne malware attacks, according to a new report from ScanSafe. Energy companies experienced more Web-based malware attacks than any other vertical market in the third quarter of this year, with an increased rate of exposure of 189 percent, followed by the pharmaceuticals and chemical industry, with 181 percent; construction, 144 percent; transportation, 121 percent; and the media, 93 percent risk, according to the ScanSafe report.

Mary Landesman, senior security researcher at ScanSafe, said that “Given the global impact of the Energy & Oil sector, it is particularly troubling to see that this sensitive sector is at the highest risk of Web-based malware…. And when one considers the top three most at risk sectors include Energy, Chemicals, and Engineering, one has to question whether these encounters are incidental or whether these particular sectors are under attack.”

Corporations experienced 338 percent more Web-based malware in the third quarter versus the first quarter, and 553 percent more than in the fourth quarter of last year, the report says. ScanSafe says this jump is the result of the wave of SQL injection attacks that have hit Web sites over the past few months, as well as socially engineered e-mail. Most of the malware came from legitimate sites.

Backdoor and password-stealing Trojans increased by 267 percent from January to September. “Although Web-based malware threats have continued to increase quarter over quarter, the levels did plateau in August and September 2008,” Landesman says. “Despite the plateau, the level of malware throughout those months was at an all-time high compared to previous months, with the exception of July which had an unprecedented level of malware.”