Organizations within the critical infrastructure, such as oil, energy and chemical industries, experienced a higher percentage of malware in 2009 than organizations in other sectors. According to web security firm ScanSafe, critical infrastructure companies experienced at least twice as much malware as other organizations.
According to ScanSafe’s ‘Annual Global Threat Report 2009,’ the energy and oil industries suffered the largest amount of data-theft Trojans, experiencing over 350 percent more than other industries. Other sectors with a significant amount of contact with Trojans include government, chemical, banking and finance and pharmaceutical.
Mary Landesman, senior security researcher at ScanSafe, said “There is a misconception that cybercriminals are only intent on stealing data intended for credit card fraud and identity theft. In reality, cybercriminals are casting a much wider net.”
“Consumer credit card details are child’s play compared to the value of infrastructure and intellectual data from these sensitive verticals. The message is clear – cyberwar is already here. The Web is the battlefield and the enterprise is on the frontlines,” she said.
The average company by the end of 2009 experienced 19 encounters with malware per day and almost one quarter of the malware was zero-day, meaning it is undetectable by signature-based methodologies.