News Stay informed about the latest enterprise technology news and product updates.

Cybercrime 2012: Malware attacks prominent in retail, financial industries

Malware attacks were the most prominent in the retail and financial services industries in 2012.

Nearly half of companies in the retail and financial services industries experienced a cyberattack in 2012, primarily...

driven by financially motivated cybercriminals using automated attack tools, according to a new cybercrime 2012 threat report, issued today.

These people are going down the chain and targeting smaller merchants.

Andreas Baumhof,
CTO, ThreatMetrix

The ThreatMetrix Inc. 2012 State of Cybercrime study surveyed 200 U.S. business managers and IT executives within retail and financial services organizations. It found that 45% of these organizations experienced a cybersecurity attack in 2012.

Malware, Trojan and phishing, were among the most common attacks, meanwhile lost or stolen mobile devices that resulted in data breaches were also a serious problem experienced by retail and financial institutions this year. Those surveyed indicated malware was the biggest problem, with 53.9% of organizations experiencing at least one attack. Trojan attacks hit 52.9% of companies at least once, while phishing attacks affected 49.6%, according to those surveyed. Lost and stolen mobile devices were an issue for 46.1% of companies, and 35.8% were affected by a data breach.

Andreas Baumhof, CTO at the San Jose, Calif.-based ThreatMetrix Inc., said Trojans, designed to act like a legitimate file to dupe individuals and antivirus software, are popular because they are easy for cybercriminals to obtain and relatively cheap.

"These Trojans are readily available on the Internet," Baumhof said.

Experts also point out that automated attack toolkits can also be purchased and used with relatively little technical knowledge of carrying out an attack. Some toolkits, such as the notorious Black Hole Exploit Kit, offer subscriptions that give attackers updates of new exploits and malware variants.

Respondents ranked malware attacks as the most disruptive security problem. Phishing attacks and Trojan attacks rounded out the top three.

In response to an IT security attack, 45% of companies made small changes to their online fraud systems policies, 19% made significant changes, and 27% continued as normal.

Baumhof attributed the lack of action by some companies to their outlook toward security. Some companies are reluctant to invest in security because executives view it like insurance, he said, they don't want to pay for it because their company could go a few years before they need it.

Baumhof emphasized that attackers are targeting companies of all sizes.

"These people are going down the chain and targeting smaller merchants," he said.

To combat attacks, Baumhof said security departments need to take a holistic view of security, and not just look for the quick fix to a current problem.

Baumhof recommended that security teams "plan strategically in the early stages of deployment what [their] countermeasures are."

Dig Deeper on Malware, virus, Trojan and spyware protection and removal



Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.







  • CIO Trends #6: Nordics

    In this e-guide, read how the High North and Baltic Sea collaboration is about to undergo a serious and redefining makeover to ...

  • CIO Trends #6: Middle East

    In this e-guide we look at the role of information technology as the Arabian Gulf commits billions of dollars to building more ...

  • CIO Trends #6: Benelux

    In this e-guide, read about the Netherlands' coalition government's four year plan which includes the term 'cyber' no fewer than ...