Most firms worldwide fell victim to computer virus attack last year - survey

MOSCOW, Russia – With the continued proliferation of industrial espionage and intellectual property theft, more than half of businesses worldwide have experienced some form of virus attack in their computer systems over the last 12 months, a study by a leading anti-virus company said.

In a press conference here Kaspersky Lab chief operating officer Eugene Buyakin disclosed that their study in 20 countries showed that 60 percent of all business operations experienced malware incident in the last year.

Malware is short for malicious software. Wikipedia defines it as a software designed to secretly access a computer system without the owner’s informed consent. Because it can attack without the knowledge of the computer user and it can gain access to confidential documents in the hard drive, Buyakin said malware poses a real problem with real losses.

Although 60 percent experienced some form of malware, Buyakin said less than 20 percent experienced data loss and less than 10 percent said money was lost.

“The industry challenge is to spread the knowledge without creating panic and losing credibility,” Buyakin said. However, in spite of the realness of the threat, he noted that there is no long-term anti-malware strategy for most organizations.

Stefan Tanase, senior security researcher of Kaspersky, said the malware attack can begin by simply opening an email. He said opening a file in an email can trigger the attack without the user knowing it. He said there is also no sign that a malware was installed in the computer that is why the user will continue to do his business of, for instance, writing confidential company information, or storing personal data like bank statements and the like.

Any transaction or file written after the malware is installed will be open for the hacker to copy and this can be dangerous especially when everything is done through computers. It is similar to opening entire operations and even future plans to the attacker.

With the data open to an outsider, the victim is now open to intellectual property theft and corporate sabotage, Tanase said.

He warned that everyone is vulnerable to the attacks. In fact, even Fortune 100 companies were attacked during Operation Aurora. Google, Intel, Yahoo, Juniper, Dow Chemical and 30 other companies were subjected to highly sophisticated attacks.

Tanase said if firms like Google, which are capable of hiring the most skilled engineers and programmers, are attacked, then everyone is vulnerable. For instance the super malware Stuxnet was a targeted attack which infected Siemens, among others.

In a targeted attack, Tanase said one email is enough and it is possible that the companies do not know that their system has already been infected. The scary part, he noted is that classic signature based anti-virus is useless in targeted malware attacks.

“A highly determined attacker will eventually succeed,” Tanase said. To survive the attack, Tanase said companies must have a reporting process for employees. This means that all attempted attacks should be reported and monitored. If possible, he said a round-the-clock security team with extremely fast reaction time must be put in place.