Recent evidence indicates that the nature of cyber crime is changing, even as it increases, and may pose a particular threat to intellectual property and confidential data in the energy and oil sectors. Less clear is what the intent of these malware attacks actually is. The ScanSafe Annual Global Threat Report 2008 finds, based on an analysis of more than 240 billion requests for analysis by the company’s corporate customers, that there was near 600% malware growth between like quarters in 2007 and 2008, and a 300% volume ratio increase from January 2008 through December 2008. Moreover, a vertical industry analysis of malware growth found the energy and oil sector to rank in the top five targets in all threat categories. But energy and oil leads the pack by a long shot when it comes to one important category: encounters with unique new variants of data theft trojans. On average, companies included in the analysis, said ScanTech, encountered 57 unique new variants of data theft Trojans in the first three quarters of 2008. In the energy and oil sector, however, that number was 213, an elevated exposure of nearly 400%. Most malware gains entrance to a corporate network through user visits to compromised sites, which sites are increasingly harder to detect. It is ScanTech’s thesis that as the global economy trends downward, cyber crime is trending sharply upward. And while providing little evidence other than these alarming statistics, it further asserts that “today’s malware can only be described as a massive criminal data harvesting operation, designed to steal intellectual property or confidential data and sell it to the highest bidder.” While the most obvious targets of these type attacks are confidential employee or customer information, the vertical industry distribution noted by ScanTech — with other leading industry targets including engineering & construction, manufacturing, and IT & telecommunications — might suggest otherwise. Criminals have gained another powerful advantage. With advances in the technology and sophistication of cyber attacks, malware delivered through the web can be remotely customized and configured once in place, based on the victim’s identity. “For the enterprise,” says ScanTech, “such an infection will likely be configured to steal intellectual property and potentially to eavesdrop on all network transmissions via ARP poisoning or other man-in-the-middle attacks.” Unfortunately, while in some countries, including the US, companies are legally obligated to disclose evidence of cyber theft related to employee or customer information, they are not obliged to do so as it relates to intellectual property and other type sensitive business information. That makes it difficult to know how much and what type business information is being stolen across the energy and oil industry. In general, the specifics of criminally constructed malware, its nature and intent, have become the realm of highly trained specialists, with a vocabulary impenetrable to the educated generalist. To take just one example, categories of malware include exploit & Iframe; backdoor & PWS; download dropper; rogue scanner; Trojan-general; redirector; and virus & worm.
Recommended Reading
TurningPoint Energy Names Naini as President
2024-01-09 - Salar Naini, who previously served as executive vice president of business development for TurningPoint, will lead the company’s daily business operations.
Dorchester Minerals Announces Retirement of James E. Raley
2024-01-05 - Dorchester’s board designated Raley as manager emeritus in recognition of his service.
APA Promotes Stephen J. Riney to President
2024-01-10 - Stephen Riney joined APA in 2015 and has served as the company’s executive vice president and CFO.
Enterprise Declares Quarterly Cash Distribution
2024-01-08 - Enterprise Products Partners’ distribution will be paid Feb. 14 to common unitholders of record by Jan. 31.
Ovintiv Names Sippy Chhina to Board of Directors
2024-01-12 - Chhina recently retired as a partner at services firm Deloitte Canada LLP.