Mountain View, Calif. - Close to 40% of the financial services and banking industry sector suffered the most Trojan attacks, outranking peer industries as the most exposed to probes and enumeration attempts.This is one of the findings of joint research conducted by Counterpane Internet Security Inc., a provider of networked information protection, and MessageLabs, a provider of messaging security and management services.
The report, "2005 Attack Trends & Analysis," analyzes key cyber attacks--including Trojans, spyware, e-mail viruses and targeted attacks across 15 industry sectors--and discusses how these attacks affect organizations and outlines the extent of potential damages.
"Hackers are starting to deploy tactics that bypass stronger authentication schemes," says Alex Shipp, senior anti-virus technologist, at MessageLabs. "We have seen a Trojan program that did not have to trick victims out of revealing their password, but instead waited for the victim to check their bank balance and the Trojan then silently siphoned money out of the account. We expect this kind of activity to become more prevalent as banks move to stronger forms of authentication, as tactics typically change only when they need to."
"Cyber attacks will cause greater damage to corporations in the coming years," warns Bruce Schneier, founder and chief technology officer of Counterpane. "We estimate that some malware with a modest infection rate could cost a small company $83,000 a year. The larger a company is, and the deeper an infection goes, the higher the costs--$1 million or more. And these are just direct losses. Factor in intangibles, such as reputation and customer trust, and the damage is even more severe."
Key findings of the research:
- Close to 40% of the financial services and banking industry sector suffered the most Trojan attacks. This sector again outranked its peer industries as the most exposed to probes and enumeration attempts, at nearly 30% of total targeted scan attacks worldwide.
- Hackers are engineering Trojan attacks and targeted scans to exploit weaknesses in the security posture of financial institutions. The FBI, the IMF, and the FTC all agree the financial sector has become a lucrative target for the financially motivated hacker.
- Pharmaceutical-health care is the industry most frequently attacked by spyware, and the utilities, power & energy sector experienced the most significant increase of spyware infestation compared to any other sector.
- Spyware will become the new threat vector for hacking into the corporate enterprise, and the health care, pharmaceuticals, utilities, and power & energy verticals are the most vulnerable.
- The health care business sector must consider the potential loss of life, remediation costs and wasted employee resources when completing a risk assessment of its corporate enterprise.
- Cyber-criminals will further exploit instant messaging environments as business adoption of IM increases; IM presents an increasingly attractive criminal gateway into the enterprise.
- Spear phishing targets the weakest links in a business' supply chain. Compromises can result in a loss of revenue, damage to reputation, and the potential imposition of regulatory and legal penalties.
Sources: Counterpane Internet Security, MessageLabs
