Critical Infrastructure Twice as Likely to be Targeted by Cybercriminals

Leading Provider of SaaS Web Security Releases Annual Global Threat Report

LONDON and SAN BRUNO, Calif. — February 11, 2010 — ScanSafe, the pioneer and leading provider of SaaS Web Security, today issued its Annual Global Threat Report, revealing that critical infrastructure such as energy, pharmaceutical and government assets is more than twice as likely to be targeted by cybercriminals as other organizations. The report is based on an analysis of more than a trillion Web requests processed in 2009 by the ScanSafe Threat Center on behalf of the company’s corporate customers in more than 100 countries. It represents the world’s largest security analysis of real-time traffic.

ScanSafe’s research reflects a disturbing trend – organizations that harness the most valuable intellectual data are encountering Web malware with much greater frequency than other verticals. The report outlines the verticals most at risk as:

1. Energy & Oil with a 356% greater rate of direct encounters with data theft trojans;
2. Pharmaceutical & Chemical with a 322% greater rate;
3. Government with a 252% greater rate;
4. Banking & Finance with a 204% greater rate.

“There is a misconception that cybercriminals are only intent on stealing data intended for credit card fraud and identity theft. In reality, cybercriminals are casting a much wider net,” said Mary Landesman, senior security researcher at ScanSafe. “Consumer credit card details are child’s play compared to the value of infrastructure and intellectual data from these sensitive verticals. The message is clear – cyberwar is already here. The Web is the battlefield and the enterprise is on the frontlines.”

In addition, the report reveals that Web-delivered malware more than doubled through the course of the year. At the start of 2009, the average enterprise experienced 8 Web malware encounters each day. By the end of 2009, the rate of exposure had more than doubled to 19 encounters per day. Twenty-three percent of those encounters were with zero-day malware undetectable by signature-based methodologies and nineteen percent were direct encounters with data theft trojans.

Other key findings include:

• Malware is the new Internet business of choice

The business structure behind cybercrime today is not unlike the business structure behind any other global economy. Attackers play many roles in this commercial world including ‘The Sole Proprietor’, ‘The Middleman’, ‘The Developer’, and ‘The Buyer’.

• Gumblar botnet dominated the malware scene in 2009

14% of the total Web malware blocks for the year were from Gumblar. This peaked at 35% of all blocks in November 2009. Asprox was the second largest at 2% of all Web malware blocks and Zeus was the third largest with 1%.

• Malicious PDF files are up, malicious Flash files are down

Malicious PDF files comprised 56% of Web-encountered exploits in 1Q09, growing to 80% by 4Q09. Flash exploits encountered via the Web dropped from 40% in 1Q09 to 18% in 4Q09. This trend is likely indicative of attackers’ preference for PDF exploits, probably due to the increasing availability of vulnerabilities and the continued widespread use and acceptance of PDF files in the workplace.

“To confront the challenges of the coming years, we must reposition our thinking to match the new reality. We must forgo our perceived familiarities and see the issues that are already at hand – the criminal business of data harvesting,” comments Landesman. “Our defenses must extend beyond the confines of brick and mortar and into the cloud to ensure end-to-end protection of our most sensitive assets and people, regardless of operating system, device or geo-locale.”

To obtain a full copy of the ScanSafe Annual Global Threat Report, please visit

About ScanSafe

ScanSafe, now a part of Cisco, is the pioneer and largest global provider of SaaS Web Security, ensuring a safe and productive Internet environment for businesses. ScanSafe solutions keep malware off corporate networks and allow businesses to control and secure the use of the Web. As a SaaS solution, ScanSafe eliminates the burden of purchasing and maintaining infrastructure in-house, significantly lowering the total cost of ownership. Powered by its proactive, multilayered Outbreak Intelligence™ threat detection technology, ScanSafe processes more than 20 billion Web requests and 200 million blocks each month for customers in over 100 countries.

In 2009, the company was awarded “Best Content Security” solution by SC Magazine for the third consecutive year.

Media Contact:

Susie Bailey
Office: +44 (0) 20 7034 9378
Mobile: +44 (0) 7875 360 437