Many of the nearly two-thirds of organisations found to be infected with botnet-running malware were compromised by their higher-than-average use of peer-to-peer (P2P) services like BitTorrent, eMule and Soulseek, a Check Point Software Technologies audit has found.
The Check Point 2013 Security Report, based on data from the company’s free network malware audits, found that 63 per cent of examined organisations were infected with malware bots.
Of these, 48 per cent had just 1 to 3 botnet hosts – but 18 per cent had between 10 and 21 hosts, and 6 per cent had more than 21 botnet hosts running on the network. With 25 per cent of hosts communicating with their command and control (C&C) server at least every hour and 45 per cent doing so every one to two hours, the figures suggest many companies have inadvertently become active participants in the propagation of global malware botnets.
The P2P vector was called out on the back of results suggesting 61 per cent of organisations globally were using P2P applications, with a higher-than-average 72 per cent of APAC organisations said to be using the technologies. P2P applications represent a particular vulnerability, Check Point said, because they “essentially open a backdoor to networks” by facilitating the sharing of files across large numbers of TCP/IP ports.
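The two network behaviours the report describes above, bots checking in with their C&C server on a fixed schedule and P2P clients spraying connections across many TCP/IP ports, both leave a signature in ordinary connection logs. The following script is an added example written for this article, not Check Point's audit tooling: it reads a constructed, space-separated connection log (timestamp, source, destination, destination port, bytes; the format and all addresses are made up here), flags source/destination pairs whose inter-connection times are nearly constant, and flags internal hosts that fan out over an unusually large number of destination ports. The thresholds (`min_events`, `max_cv`, `min_ports`) are assumptions to be tuned against a real environment.

```python
"""Detect periodic C&C-style beaconing and P2P-style port fan-out in connection logs.
Log format, addresses and thresholds are constructed for this example."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "timestamp src_ip dst_ip dst_port bytes".
# 10.0.0.5 checks in with one external host roughly every hour (beacon-like);
# 10.0.0.9 talks to one host at irregular times (ordinary browsing);
# 10.0.0.12 contacts twelve peers on twelve different ports (P2P-like).
SAMPLE_LOG = "\n".join([
    "2013-05-20T09:00:00 10.0.0.5 198.51.100.7 443 512",
    "2013-05-20T10:00:02 10.0.0.5 198.51.100.7 443 530",
    "2013-05-20T11:00:01 10.0.0.5 198.51.100.7 443 498",
    "2013-05-20T12:00:03 10.0.0.5 198.51.100.7 443 515",
    "2013-05-20T13:00:00 10.0.0.5 198.51.100.7 443 520",
    "2013-05-20T09:05:00 10.0.0.9 203.0.113.4 80 2048",
    "2013-05-20T09:41:00 10.0.0.9 203.0.113.4 80 1800",
    "2013-05-20T13:10:00 10.0.0.9 203.0.113.4 80 3000",
] + [f"2013-05-20T09:10:{i:02d} 10.0.0.12 192.0.2.{10 + i} {6881 + i} 900"
     for i in range(12)])


def parse_flows(text):
    """Parse log lines into dicts; blank lines and '#' comments are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, nbytes = line.split()
        flows.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                      "dst_port": int(port), "bytes": int(nbytes)})
    return flows


def find_beacons(flows, min_events=4, max_cv=0.1):
    """Return {(src, dst): stats} for pairs whose gaps between connections are
    nearly constant: coefficient of variation (stdev / mean) <= max_cv."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f["src"], f["dst"])].append(f["ts"])
    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_events:
            continue  # too few connections to call the timing periodic
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            beacons[pair] = {"events": len(stamps),
                             "mean_interval_s": round(avg), "cv": round(cv, 4)}
    return beacons


def find_port_fanout(flows, min_ports=8):
    """Return {src: {"ports": n, "peers": m}} for hosts that contacted at least
    min_ports distinct destination ports, the spread typical of P2P clients."""
    ports, peers = defaultdict(set), defaultdict(set)
    for f in flows:
        ports[f["src"]].add(f["dst_port"])
        peers[f["src"]].add(f["dst"])
    return {src: {"ports": len(p), "peers": len(peers[src])}
            for src, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_LOG)
    for (src, dst), info in find_beacons(flows).items():
        print(f"beacon-like: {src} -> {dst} every ~{info['mean_interval_s']}s "
              f"({info['events']} events, cv={info['cv']})")
    for src, info in find_port_fanout(flows).items():
        print(f"port fan-out: {src} used {info['ports']} ports to {info['peers']} peers")
```

On real logs the beacon check is best run per day over outbound flows only, and both alerts are leads rather than verdicts: software updaters and monitoring agents also poll on a schedule, and a network scanner will trip the fan-out rule, so the flagged hosts are candidates for a closer look, not a blocklist.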
By contrast, APAC organisations were less reliant on equally-problematic anonymizer services like Tor, which compromise security controls by obscuring individuals’ identities. While anonymizers were detected on 49 per cent of networks in the Americas region, just 35 per cent of APAC organisations showed evidence of using the technologies.
Check Point president Amnon Bar-Lev, who spoke at the company’s CPX 2013 event in Sydney this week, told CSO Australia that while new offerings – such as Check Point’s forthcoming threat-emulation sandboxing tool or its free network malware-scanning service – offered a certain level of technological defence, companies can “save 97 per cent of their problems by doing the very basic things”.
“We are seeing consolidation in tools because there is no need to have 20 different products,” he explained. “But it’s even more important to have segmentation of your network, to put in control and prevention, to manage your network with regular updates, have a strong password, and so on.”
“If you do the very basic steps, you’ll cover most of what you need to do. The rest is the very specific, targeted attacks that you need to deal with using a strong expert that knows what to do and where.”
A Trend Micro survey recently found that Australia has the world’s second-highest concentration of botnet C&C servers; Check Point figures, on the other hand, suggested Australia hosts around 3 per cent of C&C servers, putting it well behind the United States (58 per cent), Germany (9 per cent), France and the Netherlands (7 per cent each), and China (4 per cent).
Check Point also broke down the platforms involved in the malware breaches by vendor, with Microsoft (68 per cent of breaches) far and away the most often-compromised vendor. Oracle (15 per cent) and Adobe (13 per cent) were next in the ranking, with Novell and Apache (5 per cent each), Apple (4 per cent) and HP (3 per cent) filling out the rest.
Use of remote-access and file-storage tools like Dropbox was also fingered, with both common across the surveyed organisations as useful but compromising methods for network access.
“Once you open a back door into the network, you’re allowing people to put malware and Web threats onto your computers, and you’re allowing people to take data from your organisation,” Bar-Lev said. “A significant amount of the things that happened were because we caused ourselves to be damaged without knowing about it.”