|By Business Wire||
|August 13, 2014 09:02 AM EDT||
Damballa, the experts in advanced threat protection and containment, today released its Q2 State of Infections Report highlighting that, when it comes to active malware infection, ‘size doesn’t matter’ – large and small enterprises alike had a wide range of infection rates. The report revealed that, on a given day during the quarter, as many as 18.5 % of an enterprises’s computers were actively communicating with criminals. It also revealed the longer-than-expected success of Operation Tovar, but a dramatic rise in forms of ransomware.
Report: Key Findings
- Up to 18.5% of business devices were communicating with criminals on any given business day.
However, the data revealed no correlation between the size of the enterprise and the proportion of machines with active infections. For example, an enterprise with more than 200,000 machines could have a handful of infections, while others may have thousands of infections. Similarly, some smaller companies with less than 600 devices had disproportionately high numbers of infections, while others were fairly clean. In other words, company policies, more than company size, determined the cleanliness of any given network.
- GameoverZeus (GoZ) - No Immediate Resurgence
Q2's Operation Tovar marked a milestone for dealing with global public health and the co-ordinated efforts involving law enforcement and the wider security community in the takedown of the notorious GameoverZeus (GoZ) botnet and its payload, Cryptolocker. GoZ infected more than 1 million devices globally and collected hundreds of millions of dollars through financial fraud.1 While it's possible that criminals may attempt to resurrect or create a new variant, in the past quarter, Damballa and other industry researchers have observed a lack of any immediate resurgence.
- Kovter Ransomware Skyrockets
Conversely, Damballa's Threat Research team notes an increase in ransomware infections over the past 18 months. Specifically, Damballa has observed a sharp rise in Kovter Ransomware Infections - a form of police ransomware fraud first detected in 2013. During the height of activity in June, infections reached 43,713 known infected devices on a single day. Month over month, average daily infections increased a massive 153% in May and 52% in June.
According to Brian Foster, CTO of Damballa, "As the report reveals, managing infections requires constant vigilance; advanced malware is designed to be evasive and threat actors are constantly seeking the next weakness to exploit. As this report notes, there is no correlation between size of the enterprise and the rate of infected devices. Smaller organizations can have a very high ratio of infected devices and large enterprises can have low infection rates. It depends on the security controls in place. We recommend that security teams work under the assumption that prevention is not fail proof, so the ability to automatically detect and accelerate the time to response is essential to minimizing risk."
He continues: "When it comes to mass infections, we can apply best practices from Operation Tovar as a blueprint for managing global cyber public health. It underscores the need for continued, co-ordinated efforts across the security community. These lessons must continue to shape our activity; threat actors are well resourced, agile and quick to adapt. Our approach to response must match this."
The full Q2 State of Infections Report can be downloaded at: https://www.damballa.com/state-infections-report-q2-2014/
As the experts in advanced threat protection and containment, Damballa discovers active threats that bypass all security prevention layers. Damballa identifies evidence of malicious network traffic in real time, rapidly pinpointing the compromised devices that represent the highest risk to a business. Our patented solutions leverage Big Data from the industry's broadest data set of consumer and enterprise network traffic, combined with machine learning, to automatically discover and terminate criminal activity, stopping data theft, minimizing business disruption, and reducing the time to response and remediation. Damballa protects any device or OS including PCs, Macs, Unix, iOS, Android, and embedded systems. Damballa protects more than 400 million endpoints globally at enterprises in every major market and for the world's largest ISP and telecommunications providers. For more information, visit www.damballa.com, or follow us on Twitter @DamballaInc.
Oct. 24, 2016 02:15 PM EDT Reads: 3,980
Oct. 24, 2016 02:15 PM EDT Reads: 3,903
Oct. 24, 2016 02:00 PM EDT Reads: 34,144
Oct. 24, 2016 01:15 PM EDT Reads: 1,447
Oct. 24, 2016 01:00 PM EDT Reads: 1,002
Oct. 24, 2016 01:00 PM EDT Reads: 830
Oct. 24, 2016 01:00 PM EDT Reads: 860
Oct. 24, 2016 12:45 PM EDT Reads: 4,708
Oct. 24, 2016 12:30 PM EDT Reads: 1,209
Oct. 24, 2016 12:30 PM EDT Reads: 989
Oct. 24, 2016 12:15 PM EDT Reads: 8,414
Oct. 24, 2016 11:45 AM EDT Reads: 1,312
Oct. 24, 2016 11:45 AM EDT Reads: 1,518
Oct. 24, 2016 10:45 AM EDT Reads: 3,871
SYS-CON Events announced today that Cemware will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Use MATLAB functions by just visiting website mathfreeon.com. MATLAB compatible, freely usable, online platform services. As of October 2016, 80,000 users from 180 countries are enjoying our platform service.
Oct. 24, 2016 10:30 AM EDT Reads: 833