Welcome!

News Feed Item

Damballa Releases Q2 2014 State of Infections Report

Damballa, the experts in advanced threat protection and containment, today released its Q2 State of Infections Report highlighting that, when it comes to active malware infection, ‘size doesn’t matter’ – large and small enterprises alike had a wide range of infection rates. The report revealed that, on a given day during the quarter, as many as 18.5 % of an enterprises’s computers were actively communicating with criminals. It also revealed the longer-than-expected success of Operation Tovar, but a dramatic rise in forms of ransomware.

Report: Key Findings

  • Up to 18.5% of business devices were communicating with criminals on any given business day.

However, the data revealed no correlation between the size of the enterprise and the proportion of machines with active infections. For example, an enterprise with more than 200,000 machines could have a handful of infections, while others may have thousands of infections. Similarly, some smaller companies with less than 600 devices had disproportionately high numbers of infections, while others were fairly clean. In other words, company policies, more than company size, determined the cleanliness of any given network.

  • GameoverZeus (GoZ) - No Immediate Resurgence

Q2's Operation Tovar marked a milestone for dealing with global public health and the co-ordinated efforts involving law enforcement and the wider security community in the takedown of the notorious GameoverZeus (GoZ) botnet and its payload, Cryptolocker. GoZ infected more than 1 million devices globally and collected hundreds of millions of dollars through financial fraud.1 While it's possible that criminals may attempt to resurrect or create a new variant, in the past quarter, Damballa and other industry researchers have observed a lack of any immediate resurgence.

  • Kovter Ransomware Skyrockets

Conversely, Damballa's Threat Research team notes an increase in ransomware infections over the past 18 months. Specifically, Damballa has observed a sharp rise in Kovter Ransomware Infections - a form of police ransomware fraud first detected in 2013. During the height of activity in June, infections reached 43,713 known infected devices on a single day. Month over month, average daily infections increased a massive 153% in May and 52% in June.

According to Brian Foster, CTO of Damballa, "As the report reveals, managing infections requires constant vigilance; advanced malware is designed to be evasive and threat actors are constantly seeking the next weakness to exploit. As this report notes, there is no correlation between size of the enterprise and the rate of infected devices. Smaller organizations can have a very high ratio of infected devices and large enterprises can have low infection rates. It depends on the security controls in place. We recommend that security teams work under the assumption that prevention is not fail proof, so the ability to automatically detect and accelerate the time to response is essential to minimizing risk."

He continues: "When it comes to mass infections, we can apply best practices from Operation Tovar as a blueprint for managing global cyber public health. It underscores the need for continued, co-ordinated efforts across the security community. These lessons must continue to shape our activity; threat actors are well resourced, agile and quick to adapt. Our approach to response must match this."

The full Q2 State of Infections Report can be downloaded at: https://www.damballa.com/state-infections-report-q2-2014/

About Damballa

As the experts in advanced threat protection and containment, Damballa discovers active threats that bypass all security prevention layers. Damballa identifies evidence of malicious network traffic in real time, rapidly pinpointing the compromised devices that represent the highest risk to a business. Our patented solutions leverage Big Data from the industry's broadest data set of consumer and enterprise network traffic, combined with machine learning, to automatically discover and terminate criminal activity, stopping data theft, minimizing business disruption, and reducing the time to response and remediation. Damballa protects any device or OS including PCs, Macs, Unix, iOS, Android, and embedded systems. Damballa protects more than 400 million endpoints globally at enterprises in every major market and for the world's largest ISP and telecommunications providers. For more information, visit www.damballa.com, or follow us on Twitter @DamballaInc.

1 http://www.justice.gov/criminal/pr/speeches/2014/crm-speech-140715.html

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Security, data privacy, reliability, and regulatory compliance are critical factors when evaluating whether to move business applications from in-house, client-hosted environments to a cloud platform. Quality assurance plays a vital role in ensuring that the appropriate level of risk assessment, verification, and validation takes place to ensure business continuity during the migration to a new cloud platform.
SYS-CON Events announced today the Kubernetes and Google Container Engine Workshop, being held November 3, 2016, in conjunction with @DevOpsSummit at 19th Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA. This workshop led by Sebastian Scheele introduces participants to Kubernetes and Google Container Engine (GKE). Through a combination of instructor-led presentations, demonstrations, and hands-on labs, students learn the key concepts and practices for deploying and maintainin...
StackIQ has announced the release of Stacki 3.2. Stacki is an easy-to-use Linux server provisioning tool. Stacki 3.2 delivers new capabilities that simplify the automation and integration of site-specific requirements. StackIQ is the commercial entity behind this open source bare metal provisioning tool. Since the release of Stacki in June of 2015, the Stacki core team has been focused on making the Community Edition meet the needs of members of the community, adding features and value, while ...
Aspose.Total for .NET is the most complete package of all file format APIs for .NET as offered by Aspose. It empowers developers to create, edit, render, print and convert between a wide range of popular document formats within any .NET, C#, ASP.NET and VB.NET applications. Aspose compiles all .NET APIs on a daily basis to ensure that it contains the most up to date versions of each of Aspose .NET APIs. If a new .NET API or a new version of existing APIs is released during the subscription peri...
There will be new vendors providing applications, middleware, and connected devices to support the thriving IoT ecosystem. This essentially means that electronic device manufacturers will also be in the software business. Many will be new to building embedded software or robust software. This creates an increased importance on software quality, particularly within the Industrial Internet of Things where business-critical applications are becoming dependent on products controlled by software. Qua...
In addition to all the benefits, IoT is also bringing new kind of customer experience challenges - cars that unlock themselves, thermostats turning houses into saunas and baby video monitors broadcasting over the internet. This list can only increase because while IoT services should be intuitive and simple to use, the delivery ecosystem is a myriad of potential problems as IoT explodes complexity. So finding a performance issue is like finding the proverbial needle in the haystack.
"We host and fully manage cloud data services, whether we store, the data, move the data, or run analytics on the data," stated Kamal Shannak, Senior Development Manager, Cloud Data Services, IBM, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Machine Learning helps make complex systems more efficient. By applying advanced Machine Learning techniques such as Cognitive Fingerprinting, wind project operators can utilize these tools to learn from collected data, detect regular patterns, and optimize their own operations. In his session at 18th Cloud Expo, Stuart Gillen, Director of Business Development at SparkCognition, discussed how research has demonstrated the value of Machine Learning in delivering next generation analytics to imp...
DevOps at Cloud Expo – being held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Am...
With the proliferation of both SQL and NoSQL databases, organizations can now target specific fit-for-purpose database tools for their different application needs regarding scalability, ease of use, ACID support, etc. Platform as a Service offerings make this even easier now, enabling developers to roll out their own database infrastructure in minutes with minimal management overhead. However, this same amount of flexibility also comes with the challenges of picking the right tool, on the right ...
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportuni...
With over 720 million Internet users and 40–50% CAGR, the Chinese Cloud Computing market has been booming. When talking about cloud computing, what are the Chinese users of cloud thinking about? What is the most powerful force that can push them to make the buying decision? How to tap into them? In his session at 18th Cloud Expo, Yu Hao, CEO and co-founder of SpeedyCloud, answered these questions and discussed the results of SpeedyCloud’s survey.
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform. In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and shared the must-have mindsets for removing complexity from the develo...
SYS-CON Events announced today that MangoApps will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides modern company intranets and team collaboration software, allowing workers to stay connected and productive from anywhere in the world and from any device.
Large scale deployments present unique planning challenges, system commissioning hurdles between IT and OT and demand careful system hand-off orchestration. In his session at @ThingsExpo, Jeff Smith, Senior Director and a founding member of Incenergy, will discuss some of the key tactics to ensure delivery success based on his experience of the last two years deploying Industrial IoT systems across four continents.