Report: Credit Crunch Fuels Surge In Web Attacks

ScanSafe, a leading provider of SaaS Web Security, recently issued its Annual Global Threat Report.

The report is based on an analysis of more than 240 billion Web requests processed in 2008 by the ScanSafe Threat Center on behalf of the company’s corporate customers in more than 80 countries. It represents the world’s largest security analysis of real-time traffic.

The report reveals that there has been an explosive growth in malware throughout 2008. ScanSafe noted that there has been an overwhelming 582 percent growth between like quarters in 2007 and 2008 and a 300 percent volume ratio increase from January 2008 through December 2008. Exploits and iframes were up 1731 percent in 2008, while data-theft Trojans increased 1559 percent.

“We saw a continued acceleration of Web-delivered malware in 2008, reaching significant peaks in both October and November. The numbers are staggering,” said Mary Landesman, senior security researcher at ScanSafe. “There is a high correlation of increased online crime with the decline in the global economy. It could be that the increasing levels of job loss and uncertainty are fueling the surge in criminal activity. It is also likely that cyber crime is proving to be a viable business opportunity in a climate where legitimate opportunities are becoming increasingly more limited.”

Other key findings from the report include:

The Web is now a massive front for data harvesting.
Cyber criminals in 2008 have shown a change of intent and are now focused on the ongoing targeting and harvesting of sensitive data. Most of the malware delivered through the Web provides remote customization and configurability, enabling criminal attackers to target specific data and to remotely manage how that data is obtained. For home users, gaming credentials or credit card numbers could be at risk. For enterprises, there is the possibility of intellectual property theft and the potential to eavesdrop on all network transmissions via ARP poisoning or other man-in-the-middle attacks.

The credit crunch is fueling data theft.
In 2008, 14 percent of all ScanSafe Web malware blocks were the result of encounters with data theft Trojans, compared to 6 percent in 2007. Towards the end of the year (Q4) when the credit crunch was in full swing, we saw the largest growth in this category of threats. Not only did October and November 2008 show the highest levels of Web malware blocks but they also showed a heavy saturation of data theft Trojans.

Trusted sites pose the greatest risk.
In April 2008 ScanSafe counted an excess of 780,000 malicious Web pages from only five vertical interest sectors as a result of a single SQL injection attack. As a result of the continuing mass compromise of legitimate websites observed throughout 2008, the standard ‘safe surfing’ advice of avoiding unknown or non-trusted websites no longer applies. Today, it is the trusted sites that should be viewed as posing the greatest risk to Web surfers.

Energy and oil sector has 400 percent elevated exposure to data theft Trojans.
ScanSafe discovered that the top five most at risk verticals were energy and oil, pharmaceutical and chemical, engineering and construction, transportation and shipping, and the travel and entertainment industry. The average number of unique new variants of data theft Trojans encountered by customers in the first three quarters of 2008 was 57. The energy and oil sector encountered 213, an elevated exposure of nearly 400 percent. For those in the engineering and construction industry, the unique variant count was 166, nearly 300 percent greater than the average.

“Today’s malware is all about stealing and harvesting data. Cyber criminals have moved away from de-facing sites or merely designing malware as a prank and it is now created with commercial and criminal intent,” Landesman said. “Online crime has become a lucrative business and both commercial and personal data fetch a significant sum on black markets.”

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3