February 17, 2010, 3:09 PM — Most of the attention on a recent report from ScanSafe, a Cisco-owned security company, has been on the fact that attacks on Adobe PDF Reader vulnerabilities comprise up to 80% of PC attacks. That's actually not quite right. The ScanSafe threat report doesn't cover programs that work directly with the Internet like Web browsers and e-mail clients. Instead, it only covers programs that can be successfully attacked after files have arrived in a PC over the Internet. For my money, the important news in the report is just how totally computer hacking has become a business aimed at other businesses.
Don't get me wrong. It's vital to update your copies of Adobe Flash Player, Acrobat and Reader with the latest patches. But, what caught my attention in this report is that by focusing so much on the trees of individual security problems and patches we may be missing the forest of a parasitic industry.
According to ScanSafe, "Few victim companies choose to self report. Instead, the breaches that get acknowledged publicly are generally only those which involve theft of consumer or employee data - and only then because the laws require it. This selective disclosure fuels the misconception that cybercriminals are only intent on stealing data intended for credit card fraud and identity theft. In reality, cybercriminals are casting a much wider net."
ScanSafe's data indicates that what the cyber-criminals are really going for are specific vertical industries. The company found that companies in "highly sensitive verticals experience a much higher than average rate of Web malware encounters." Specifically, "In 2009, Energy & Oil experienced a 3.5 times higher rate of direct encounters with data theft Trojans compared to all other verticals. The energy companies were followed by pharmaceutical and chemical businesses with an attack rate of 322% over the average. These were followed by government with 252% and banking and finance with 204%."
These aren't just generic threats. Some of them seem specifically designed to break in and steal information from these kinds of businesses. Worse still, ScanSafe stats that, "No malware is easily detectable. On average, even given four possible points of detection (the email, the website, the exploit and the dropper), the miss-rate with traditional signature scanners is near 40%."
They're also constantly working on improving their tools. While it's still not entirely clear why a recent Windows XP patch ended up knocking out Windows PCs, one reason may have been that some of these systems were infected with malware. While Microsoft still hasn't fixed the problem, it seems the hackers behind DSS, the malware root kit usually blamed for the exploit have fixed their end of it!
So who are these people? We don't know. We do know though that there are currently three major botnets: Gumblar, Asprox, and Zeus. Between the three of them, they accounted for 17% of all the malware on the Web in 2009.
Some of these are used by private individuals for profits. In some cases, though, they seem to be working hand in glove with rogue governments like China. No matter who's behind the software, these botnets are being used to break into and steal secrets from both public companies like Adobe and Google to no one knows how many private businesses.
The bottom line, as useful as the Internet is, you've got to be more cautious than ever about you and your business uses it. In particular, if you're working in a line that criminals want to attack, I don't think that you can be too paranoid with your PC and network security defenses. After all, your attackers are businesses just like yours in search of a quick profit.
