Hacker Attacks On Some U.S. Utilities Up 90%

October 5, 2007

Sharon Gaudin

http://www.informationweek.com/management/showArticle.jhtml?articleID=202300190



The number of hacker attacks on some U.S. utility companies is up 90% in the last nine months, according to a security company.

SecureWorks, a managed security services company that serves 100 American utilities, reported Friday that it has tracked a 90% increase in the number of hackers trying to attack its utility clients this year. Between January and April, SecureWorks blocked an average of 49 attackers per utility client per day. However, between May and September, the company's researchers saw an average of 93 hackers attempt attacks on each of its utility clients every day.

"In 2007, we blocked significantly more browser attacks for our clients than we did the year prior, as many of the top Trojans are using Web sites and e-mail links as infection vectors," said Wayne Haber, director of development at SecureWorks, in a written statement. "Some of the most prominent malware using these tactics include the Gozi, Prg, Storm, and BBB/IRS Trojans.

Researchers at SecureWorks noted that these attacks can put individual users at risk. Computer users can be victimized by browser attacks if they visit Web sites, which are surreptitiously hosting malware. If the utilities end up hosting malware, the companies' users could become victims themselves.

Haber pointed out that the utilities, like any other company, can fend off these attacks by creating strong Internet usage policies for employees so they aren't duped by social engineering tricks or phishing schemes, putting themselves and their network at risk. He also reminds IT managers to make sure their systems are up-to-date with software patches.

In a recent interview with InformationWeek convicted hacker Robert Moore said 70% of all the companies he scanned were insecure, and 45% to 50% of VoIP providers were insecure. The biggest cause of that insecurity? Default passwords that had never been changed.

Moore recently began serving a two-year sentence for breaking into 15 telecommunications companies and hundreds of businesses worldwide as part of a scheme to steal voice over IP services and sell them through a separate company.


main page ATTRITION feedback