Report: Energy Companies Are Top Target of Web-Borne Malware

Bad news for the energy industry: Energy companies worldwide have a nearly 200 percent rate of being hit with Web-borne malware attacks, according to a new report from ScanSafe.

Energy companies experienced more Web-based malware attacks than any other vertical market in the third quarter of this year, with an increased rate of exposure of 189 percent, followed by the pharmaceuticals and chemical industry, with 181 percent; construction, 144 percent; transportation, 121 percent; and the media, 93 percent risk, according to ScanSafe’s new "Global Threat Report."

“Given the global impact of the Energy & Oil sector, it is particularly troubling to see that this sensitive sector is at the highest risk of Web-based malware,” said Mary Landesman, senior security researcher at ScanSafe in a statement. “And when one considers the top three most at risk sectors include Energy, Chemicals, and Engineering, one has to question whether these encounters are incidental or whether these particular sectors are under attack.”

Overall, corporations experienced 338 percent more Web-based malware in the third quarter versus the first quarter, and 553 percent more than in the fourth quarter of last year, the report says. ScanSafe attributes this jump to the wave of SQL injection attacks that have hit Websites over the past few months, as well as socially engineered email. Most of the malware came from legitimate sites.

As for the types of malware, backdoor and password-stealing Trojans increased by 267 percent from January to September. “Although Web-based malware threats have continued to increase quarter over quarter, the levels did plateau in August and September 2008,” Landesman says. “Despite the plateau, the level of malware throughout those months was at an all-time high compared to previous months, with the exception of July which had an unprecedented level of malware.”

— Kelly Jackson Higgins, Senior Editor, Dark Reading