The more bots in-house, the more a company is likely to have reported a data breach, BitSight report finds.

Utilities and the education sector harbor the most botnet infections, according to a new study that highlights how bot infections correlate with a higher rate of data breach.

"What I found interesting was that utilities had the most concerning industry-wide grade," says Tom Turner, executive vice president of BitSight Technologies, which published its findings today. The takeaway from this report: "If I'm assessing risk, there's a higher risk of publicly disclosed breach occurring within that industry."

BitSight, a security ratings firm, studied public breach disclosure data between March 2014 and March 2015 across the finance, retail, healthcare, utilities, and education industries. The study concluded that organizations with a botnet grade of B or below had experienced breaches at a rate of 2.2 times more than organizations with an A grade. BitSight's algorithm for security ratings calculates grades based on risk vectors, of which the existence of botnet infections is one.

The study found the percentage of publicly disclosed breaches among companies with an A grade was 1.7%, while for those with a B or below, it was 3.7%. "This does not mean the infections were the cause of the breaches; rather, it means that the infections and breach incidents are correlated," the report said.

Half of the utilities in the study received a botnet grade of B or lower.  Among the botnets found in those companies were the TDSS botnet (30.2%), best known for burrowing in PCs such that it loads prior to Windows startup, Carufax (26.8%), ZeroAccess (15.1%), Sality (14.7%), and Banload (13.2%).

But education fared even worse, with 33% of institutions earning an F in their botnet grade, and less than 23% getting an A. The main botnets dogging universities:  Jadre (59.2%), Flashback (22.1%), the Java exploit targeting Apple OS X, TDSS (8.3%), Zeus (6%), and Sality (4.4%).

"Although the Flashback botnet itself has largely been shut down, the large number of infections that still exist indicates that people are running machines that have not been updated; thus, they are still vulnerable to other forms of infection," the report says.

Financial services firms, not surprisingly, were the least bot-infected, with 74% receiving a grade of A. Even so, they harbored Zeus (46.1%), Sality (30.8%), and Viknok (10.4%)--known for elevating operating system privileges-- botnet infections, as well as Redyms (7.3%) and Cutwail (5.4%).

Forty-three percent of retailers, meanwhile, scored below an A grade for botnets. Zeus (38.9%), Dipverdle (22.7%), and ZeroAccess (19.2%), were the top infections here, followed by Cutwail (11.3%) and Mevade (7.9%).

A little over half of healthcare organizations scored an A. Zeus (39%), Cutwail (17.3%), Viknok (16.2%), Redyms (15.3%), and Qakbot (12.%) were found infecting this sector.  "The fact that Viknok can be used to gain elevated operating system privileges, which can lead to theft of sensitive information, is concerning given the sensitivity of patient data," BitSight said in its report.

The report concludes that organizations with bot-infected machines are more likely to report a data breach. "The implications for organizations across industries are that botnet infections cannot be ignored. Companies with poor botnet grades have been breached far more often than those with good grades, and actions should be taken to mitigate these risks," the report says.

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights