Among the long list of bills reintroduced with the opening of the U.S. Congress on Jan. 5 were two filed by Sen. Dianne Feinstein, D-Calif., aimed at forcing companies to better protect consumer information and publicly report any potential mishandlings.
However, according to a range of IT security researchers, businesses should be just as afraid of having their own valuable data stolen by hackers as they should be scared of losing customer records, because it appears malware writers are aggressively ramping up their efforts to create attacks meant to target corporate information.
While few virus examples have been publicly identified that exhibit this growing focus on stealing valuable business data, versus the many that have been unearthed that target consumers' personally identifiable information, analysts say there is plenty of evidence that the trend is picking up momentum.
"There's no doubt that this type of activity is becoming more popular; we've seen a lot more samples and kits, and real code, that is clearly designed to do things like grab files from local systems, to look for specific types of files used in business operations, and the valuable information in those files," said Dan Hubbard, vice president of security research at malware filtering specialists Websense, San Diego.
Hubbard said that in addition to viruses designed to find business documents such as spreadsheets and manufacturing templates, Websense has also seen attacks aimed at companies in specific vertical markets, most notably the aerospace industry. Unlike many of the attacks designed to dupe consumers into handing over their personal details, a high proportion of the enterprise info theft programs display a level of complexity that belies deep professionalism on the part of those writing the threats.