In addition, says Damballa's Q2-2014 State of Infections Report, infections caused by the Kovter 'police blackmail' Trojan also surged during the second quarter - rising from a daily rate of 10,000 during April to 38,000 in June. With a 'fine' of around £650, the ransomware yield rate for the cyber-criminals from these infections could be significant, SCMagazineUK notes.
So what is going on in the enterprise environment? In theory, corporates have a better chance of preventing infections, thanks to their greater security resources and multiple layers of defence, but Damballa says that it is company policies, rather than the size of the business, that determine the cleanliness of any given network.
The figures surrounding the Kovter ransomware make for interesting reading, as the report says that, during the height of activity in June, infections reached 43,713 known infected devices on a single day. Month over month, it notes, average daily infections increased by a hefty 153 percent in May and 52 percent during June.
Brian Foster, Damballa's CTO, concludes that managing infections requires constant vigilance, since advanced malware is designed to be evasive and, he says, threat actors are constantly seeking the next weakness to exploit.
"As this report notes, there is no correlation between size of the enterprise and the rate of infected devices. Smaller organisations can have a very high ratio of infected devices and large enterprises can have low infection rates. It depends on the security controls in place," he said.
"We recommend that security teams work under the assumption that prevention is not fail proof, so the ability to automatically detect and accelerate the time to response is essential to minimising risk," he added, noting that, when it comes to mass infections, best security practices are the way forward.
Delving into the report reveals the observation that traditional malware relies on remaining hidden so it can conduct criminal activity unimpeded. The longer it goes undetected, says the analysis, the more damage it can do.
Damballa's analysis goes on to say that infection rates vary greatly from enterprise-to-enterprise and from day-to-day, as during Q2-2014, researchers saw enterprises with 200,000+ devices experience only a handful of infections, yet some firms with under 600 devices had an alarmingly high number of infections.
The report concludes that cyber security issues affect every user on the Internet. Whether managing mass cyber infections like Gameover Zeus and CryptoLocker - or infections within an enterprise - Damballa says the work is daunting.
"Our adversaries are well-funded, agile, and adaptive. They constantly seek the next weakness to exploit. Our ability to automatically detect infections with certainty and speed the time to response can help prevent loss," it notes.
Steve Smith, managing director of Pentura, the security consultancy, agreed with these conclusions.
Malware, he said, has no concept of business size, but merely seeks out vulnerabilities and exploits them, meaning any organisation that stores data is a potential target.
As a result, he added, businesses of all sizes need to be aware that security is an ongoing process and that threat avoidance goes far beyond just having products in place.
"This includes ensuring that staff are made aware of best practice and receive training on common threats such as social engineering and phishing attacks," he explained.