By Business Wire
August 13, 2014 09:02 AM EDT
Damballa, the experts in advanced threat protection and containment, today released its Q2 State of Infections Report highlighting that, when it comes to active malware infection, ‘size doesn’t matter’ – large and small enterprises alike had a wide range of infection rates. The report revealed that, on a given day during the quarter, as many as 18.5% of an enterprise’s computers were actively communicating with criminals. It also revealed the longer-than-expected success of Operation Tovar, but a dramatic rise in forms of ransomware.
Report: Key Findings
- Up to 18.5% of business devices were communicating with criminals on any given business day.
However, the data revealed no correlation between the size of the enterprise and the proportion of machines with active infections. For example, an enterprise with more than 200,000 machines could have a handful of infections, while others may have thousands of infections. Similarly, some smaller companies with fewer than 600 devices had disproportionately high numbers of infections, while others were fairly clean. In other words, company policies, more than company size, determined the cleanliness of any given network.
- GameoverZeus (GoZ) - No Immediate Resurgence
Q2's Operation Tovar marked a milestone for dealing with global public health and the co-ordinated efforts involving law enforcement and the wider security community in the takedown of the notorious GameoverZeus (GoZ) botnet and its payload, Cryptolocker. GoZ infected more than 1 million devices globally and collected hundreds of millions of dollars through financial fraud.1 While it's possible that criminals may attempt to resurrect or create a new variant, in the past quarter, Damballa and other industry researchers have observed a lack of any immediate resurgence.
- Kovter Ransomware Skyrockets
Conversely, Damballa's Threat Research team notes an increase in ransomware infections over the past 18 months. Specifically, Damballa has observed a sharp rise in Kovter ransomware infections - a form of police ransomware fraud first detected in 2013. During the height of activity in June, infections reached 43,713 known infected devices on a single day. Month over month, average daily infections increased a massive 153% in May and 52% in June.
According to Brian Foster, CTO of Damballa, "As the report reveals, managing infections requires constant vigilance; advanced malware is designed to be evasive and threat actors are constantly seeking the next weakness to exploit. As this report notes, there is no correlation between size of the enterprise and the rate of infected devices. Smaller organizations can have a very high ratio of infected devices and large enterprises can have low infection rates. It depends on the security controls in place. We recommend that security teams work under the assumption that prevention is not fail proof, so the ability to automatically detect and accelerate the time to response is essential to minimizing risk."
He continues: "When it comes to mass infections, we can apply best practices from Operation Tovar as a blueprint for managing global cyber public health. It underscores the need for continued, co-ordinated efforts across the security community. These lessons must continue to shape our activity; threat actors are well resourced, agile and quick to adapt. Our approach to response must match this."
The full Q2 State of Infections Report can be downloaded at: https://www.damballa.com/state-infections-report-q2-2014/
As the experts in advanced threat protection and containment, Damballa discovers active threats that bypass all security prevention layers. Damballa identifies evidence of malicious network traffic in real time, rapidly pinpointing the compromised devices that represent the highest risk to a business. Our patented solutions leverage Big Data from the industry's broadest data set of consumer and enterprise network traffic, combined with machine learning, to automatically discover and terminate criminal activity, stopping data theft, minimizing business disruption, and reducing the time to response and remediation. Damballa protects any device or OS including PCs, Macs, Unix, iOS, Android, and embedded systems. Damballa protects more than 400 million endpoints globally at enterprises in every major market and for the world's largest ISP and telecommunications providers. For more information, visit www.damballa.com, or follow us on Twitter @DamballaInc.