SecureWorks sees 90% rise in hacks aimed at utilities

From the press release:

Number of Hackers Targeting Utilities

Increases 90 Percent According to

SecureWorks' Data

ATLANTA - October 5, 2007 - SecureWorks, one of the industry's leading managed security services providers protecting over 1,800 clients and 100 utilities, has seen a 90 percent increase in the number of hackers attempting to attack its utility clients this year. From January through April, SecureWorks blocked an average of 49 attackers per utility client per day. Whereas, from May through September, it saw an average of 93 hackers attempt attacks on each of its utility clients per day. "When researching these new statistics, we found that Web Browser attacks represented a large number of the attacks attempted against our clients, including our utility customers," said Wayne Haber, director of development at SecureWorks. Computer users can become victims of browser attacks by visiting Web sites, which unbeknownst to them is hosting malware, or by clicking on a malicious link in an email or instant message. "In 2007, we blocked significantly more browser attacks for our clients then we did the year prior, as many of the top trojans are using websites and email links as infection vectors. Some of the most prominent malware using these tactics include the Gozi, Prg, Storm and BBB/IRS trojans, see . Unfortunately, there are companies that don't employ an Intrusion Prevention Solution and depend solely on their anti-virus software to protect them. This tactic can make many of them vulnerable because anti-virus vendors are often not able to release protections until several weeks after a new piece of malware has been out in the wild," said Haber. Utility providers, as well as other companies, can protect themselves and their employees more adequately from hackers by:
  • Implementing strong Internet usage policies for employees. These policies should be documented and also enforced via Web proxying solutions.
  • Checking for software updates frequently. Enterprise software vendors often release updates when improvements are made or when new vulnerabilities are discovered.
  • Educating employees on the latest social engineering tactics so they are aware of the dangers and how to avoid them.