When it comes to active malware infection, as many as 18.5% of a company's computers are actively communicating with criminals, according to Damballa's “State of Infections” report.

No firm is exempt, as this occurs across both large and small enterprises, the study found. Company policies, more so than company size, determine the “cleanliness” of any given network.

“We recommend that security teams work under the assumption that prevention is not fail proof, so the ability to automatically detect and accelerate the time to response is essential to minimizing risk,” says Brian Foster, CTO of Damballa, a firm that detects active threats and provides cyber protection and containment.

Damballa reports that the past 18 months have seen a rise in infections by Kovter ransomware, so called because it locks the victim out of his or her computer until the victim agrees to pay a fee, which can be as high as $1,000. At their height, infections reached 43,713 devices in a single day. Month over month, average daily infections increased 153% in May and 52% in June.

However, there is some good news: Ransomware was dealt a crippling blow after the Department of Justice initiated Operation Tovar, which aimed to dismantle the GameOver Zeus botnet and its destructive payload CryptoLocker. The DOJ estimates that CryptoLocker compromised more than 260,000 computers worldwide, about half of which were in the U.S. More than $30 million in ransom was collected between September and December 2013, the FBI reports.

“When it comes to mass infections, we can apply best practices from Operation Tovar as a blueprint for managing global cyber public health,” Foster says. “It underscores the need for continued, co-ordinated efforts across the security community.”

These best practices for a malware takedown include:

  • Global partnerships between public and private entities
  • Criminal and civil legal processes designed to stop communications between infected computers
  • Cooperation from domain registrars who agreed to block or sinkhole the DGA elements of the infections
  • Mass notification of victims and easy access to malware removal kits.

© 2024 ALM Global, LLC, All Rights Reserved.