Recent evidence indicates that the nature of cyber crime is changing, even as it increases, and may pose a particular threat to intellectual property and confidential data in the energy and oil sectors. Less clear is what the intent of these malware attacks actually is. The ScanSafe Annual Global Threat Report 2008 finds, based on an analysis of more than 240 billion requests for analysis by the company’s corporate customers, that there was near 600% malware growth between like quarters in 2007 and 2008, and a 300% volume ratio increase from January 2008 through December 2008. Moreover, a vertical industry analysis of malware growth found the energy and oil sector to rank in the top five targets in all threat categories. But energy and oil leads the pack by a long shot when it comes to one important category: encounters with unique new variants of data theft trojans. On average, companies included in the analysis, said ScanTech, encountered 57 unique new variants of data theft Trojans in the first three quarters of 2008. In the energy and oil sector, however, that number was 213, an elevated exposure of nearly 400%. Most malware gains entrance to a corporate network through user visits to compromised sites, which sites are increasingly harder to detect. It is ScanTech’s thesis that as the global economy trends downward, cyber crime is trending sharply upward. And while providing little evidence other than these alarming statistics, it further asserts that “today’s malware can only be described as a massive criminal data harvesting operation, designed to steal intellectual property or confidential data and sell it to the highest bidder.” While the most obvious targets of these type attacks are confidential employee or customer information, the vertical industry distribution noted by ScanTech — with other leading industry targets including engineering & construction, manufacturing, and IT & telecommunications — might suggest otherwise. Criminals have gained another powerful advantage. With advances in the technology and sophistication of cyber attacks, malware delivered through the web can be remotely customized and configured once in place, based on the victim’s identity. “For the enterprise,” says ScanTech, “such an infection will likely be configured to steal intellectual property and potentially to eavesdrop on all network transmissions via ARP poisoning or other man-in-the-middle attacks.” Unfortunately, while in some countries, including the US, companies are legally obligated to disclose evidence of cyber theft related to employee or customer information, they are not obliged to do so as it relates to intellectual property and other type sensitive business information. That makes it difficult to know how much and what type business information is being stolen across the energy and oil industry. In general, the specifics of criminally constructed malware, its nature and intent, have become the realm of highly trained specialists, with a vocabulary impenetrable to the educated generalist. To take just one example, categories of malware include exploit & Iframe; backdoor & PWS; download dropper; rogue scanner; Trojan-general; redirector; and virus & worm.