|
Atlanta, GA, Oct. 22, 2007 -- SecureWorks, a security services provider, has seen a 90 percent increase in the number of hackers attempting to attack its utility clients this year. From January through April, SecureWorks blocked an average of 49 attackers per utility client per day. Whereas, from May through September, it saw an average of 93 hackers attempt attacks on each of its utility clients per day.
"When researching these new statistics, we found that web browser attacks represented a large number of the attacks attempted against our clients, including our utility customers," said Wayne Haber, director of development at SecureWorks.
Computer users can become victims of browser attacks by visiting Web sites, which unbeknownst to them is hosting malware, or by clicking on a malicious link in an email or instant message.
"In 2007, we blocked significantly more browser attacks for our clients then we did the year prior, as many of the top trojans are using websites and email links as infection vectors. Some of the most prominent malware using these tactics include the Gozi, Prg, Storm and BBB/IRS Trojans... Unfortunately, there are companies that don't employ an Intrusion Prevention Solution and depend solely on their anti-virus software to protect them. This tactic can make many of them vulnerable because anti-virus vendors are often not able to release protections until several weeks after a new piece of malware has been out in the wild," said Haber.
Utility providers, as well as other companies, can protect themselves and their employees more adequately from hackers by:
* Implementing strong Internet usage policies for employees. These policies should be documented and also enforced via Web proxying solutions.
* Checking for software updates frequently. Enterprise software vendors often release updates when improvements are made or when new vulnerabilities are discovered.
* Educating employees on the latest social engineering tactics so they are aware of the dangers and how to avoid them.
Also, the North American Electric Reliability Corporation (NER) released its Cyber Security Standards CIP 002-009 last year. These standards outline minimum requirements needed to ensure security of the electronic exchange of information, and can be found at http://www.nerc.com/.
For more about the threats SecureWorks has researched, see www.secureworks.com/research/threats/.
For more news and exclusive features from Utility Automation & Engineering T&D and Electric Light & Power online, please click here.
| 
Web Exclusives 
| View all PennWell sites | View all PennWell events
Add RSS Feed
