News | October 11, 2007

Number Of Hackers Targeting Utilities Increases 90 Percent According To SecureWorks' Data

Atlanta - SecureWorks, one of the industry's leading managed security services providers protecting over 1,800 clients and 100 utilities, has seen a 90 percent increase in the number of hackers attempting to attack its utility clients this year. From January through April, SecureWorks blocked an average of 49 attackers per utility client per day. Whereas, from May through September, it saw an average of 93 hackers attempt attacks on each of its utility clients per day.

"When researching these new statistics, we found that Web Browser attacks represented a large number of the attacks attempted against our clients, including our utility customers," said Wayne Haber, director of development at SecureWorks.

Computer users can become victims of browser attacks by visiting Web sites, which unbeknownst to them is hosting malware, or by clicking on a malicious link in an email or instant message.

"In 2007, we blocked significantly more browser attacks for our clients then we did the year prior, as many of the top trojans are using websites and email links as infection vectors. Some of the most prominent malware using these tactics include the Gozi, Prg, Storm and BBB/IRS trojans, see http://www.secureworks.com/research/threats/ . Unfortunately, there are companies that don't employ an Intrusion Prevention Solution and depend solely on their anti-virus software to protect them. This tactic can make many of them vulnerable because anti-virus vendors are often not able to release protections until several weeks after a new piece of malware has been out in the wild," said Haber.

Utility providers, as well as other companies, can protect themselves and their employees more adequately from hackers by:

  • Implementing strong Internet usage policies for employees. These policies should be documented and also enforced via Web proxying solutions.
  • Checking for software updates frequently. Enterprise software vendors often release updates when improvements are made or when new vulnerabilities are discovered.
  • Educating employees on the latest social engineering tactics so they are aware of the dangers and how to avoid them.

NERC, a nonprofit corporation formed to ensure that the bulk electric system in North America is reliable, adequate and secure, released its Cyber Security Standards CIP 002-009 last year. These standards outline minimum requirements needed to ensure security of the electronic exchange of information, and can be found at http://www.nerc.com/. For more information about how SecureWorks is helping utilities comply with the CIP standards, see http://www.secureworks.com/assets/print/data_sheet_nerccip.pdf

About SecureWorks
With over 1,800 clients including 100 utility providers, SecureWorks has become one of the largest managed security services providers in the market. SecureWorks provides effective security services by leveraging our integrated security management platform, advanced security research, and 100 percent GIAC certified experts. By providing a full breadth of security services, SecureWorks offers fully-managed, co-managed, monitored or self-service security solutions to meet the needs of Fortune 100 companies with large security teams as well as smaller companies with no security expertise. In addition, SecureWorks has helped companies pass over 2,400 compliance audits by providing comprehensive and straight-forward board and examination reports. SecureWorks won SC Magazine's 2007 and 2006 MSSP of the Year award and the 2006 Best Intrusion Prevention award, Frost & Sullivan's 2006 Entrepreneurial Company of the Year award and was named to the Deloitte & Touche, Inc. 500 and Inc. 5000 lists of fastest growing companies for the past three years. Recently, SecureWorks made #92 on Entrepreneur Magazine's list of the Hot 500 fastest growing businesses in the US.

SOURCE: SecureWorks