Hackers Targets Utility Companies in US
As per a security company, there has been a 90% increase in the number of the hacker attacks in US utility companies in the past 9 months' period.
A Managed Security Services company, SecureWorks, which serves 100 US utilities, reported on 5th October 2007 that it tracked 90% rise in attacks on the company's utility consumers this year. In between January and April, SecureWorks had blocked minimum 49 attackers per utility customer in a single day. But during May-September, the researchers at the company found that a minimum of 93 attackers try to attack each of the utility customers every day.
Director of Development at SecureWorks, Wayne Haber, told SCMagazineUS.com on 5th October 2007 that most hackers targeted Web browsers, which implies they may be attempting to expand botnets.
He said that they observed the browser attacks and found that attackers are trying to build more bots for botnets. He also said that they are researching to find out the reason behind increased targets on utilities; it is possible that they have many workstations that interest the people developing botnets.
Wayne Haber wrote a statement, which said that they have stopped substantially more number of browser attacks for their customers in 2007 than they had done in 2006, and that is because most trojans uses e-mails and Websites' links as the infecting vectors. Wayne also revealed that the most outstanding malware employing these strategies include Prg, Gozi, BBB/IRS and Storm Trojan. InfoWorld reported this news on 5th October 2007.
SecureWorks' researchers noted that individual users could be risked by these attacks when they visit the Websites secretly holding the malware. And if utilities end up holding malware, the companies' users themselves could fall victims.
A convicted hacker, Robert Moore, in a latest interview with the Information Week, said that out of the companies he had scanned, 70% were insecure, and some 40% -50% VoIP providers were not secured. The reason behind such a big cause of insecurity was default passwords, which were never changed.
SecureWorks' researchers are of the view that the utility providers and the companies could protect their employees and themselves from the attackers more effectively by employing strict Internet usage guidelines for their employees, keeping frequent checks on software updates and educating their employees on the most recent social engineering strategies to make them aware of risks and processes to avoid them.
Related article: Hackers Redirect Windows Live Search to Malicious Sites
» SPAMfighter News - 16-10-2007