Endpoint

4/9/2015 04:20 PM
Utilities And Education The Most Bot-Infested Sectors

The more bots in-house, the more likely a company is to have reported a data breach, a BitSight report finds.

Utilities and the education sector harbor the most botnet infections, according to a new study that also finds that botnet infections correlate with a higher rate of publicly disclosed data breaches.

"What I found interesting was that utilities had the most concerning industry-wide grade," says Tom Turner, executive vice president of BitSight Technologies, which published its findings today. The takeaway from this report: "If I'm assessing risk, there's a higher risk of publicly disclosed breach occurring within that industry."

BitSight, a security ratings firm, compared public breach disclosures made between March 2014 and March 2015 against its botnet grades for organizations in the finance, retail, healthcare, utilities, and education industries. Organizations with a botnet grade of B or below had experienced publicly disclosed breaches at 2.2 times the rate of organizations with an A grade. BitSight's security-rating algorithm derives a grade from several risk vectors, of which observed botnet infections is one.

The study found that 1.7% of companies with an A grade had publicly disclosed a breach, versus 3.7% of those with a B or below. The report is careful to call this a correlation rather than a cause: "This does not mean the infections were the cause of the breaches; rather, it means that the infections and breach incidents are correlated," the report said.

Half of the utilities in the study received a botnet grade of B or lower. Among the botnets found in those companies were TDSS (30.2%), best known for burrowing into a PC so deeply that it loads before Windows starts; Carufax (26.8%); ZeroAccess (15.1%); Sality (14.7%); and Banload (13.2%).

Education fared even worse: 33% of institutions earned an F on their botnet grade, and fewer than 23% earned an A. The main botnets dogging universities were Jadre (59.2%); Flashback (22.1%), the OS X trojan that spread through a Java vulnerability; TDSS (8.3%); Zeus (6%); and Sality (4.4%).

"Although the Flashback botnet itself has largely been shut down, the large number of infections that still exist indicates that people are running machines that have not been updated; thus, they are still vulnerable to other forms of infection," the report says.

Financial services firms, not surprisingly, were the least bot-infected, with 74% receiving an A. Even so, they harbored Zeus (46.1%), Sality (30.8%), and Viknok (10.4%), which is known for elevating operating system privileges, as well as Redyms (7.3%) and Cutwail (5.4%).

Forty-three percent of retailers, meanwhile, scored below an A on their botnet grade. Zeus (38.9%), Dipverdle (22.7%), and ZeroAccess (19.2%) were the top infections here, followed by Cutwail (11.3%) and Mevade (7.9%).

A little over half of healthcare organizations scored an A. Zeus (39%), Cutwail (17.3%), Viknok (16.2%), Redyms (15.3%), and Qakbot (12.%) were found infecting this sector. "The fact that Viknok can be used to gain elevated operating system privileges, which can lead to theft of sensitive information, is concerning given the sensitivity of patient data," BitSight said in its report.

The report concludes that organizations with bot-infected machines are more likely to report a data breach. "The implications for organizations across industries are that botnet infections cannot be ignored. Companies with poor botnet grades have been breached far more often than those with good grades, and actions should be taken to mitigate these risks," the report says.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Comments

Dr.T (User Rank: Ninja), 4/13/2015 | 1:02:05 PM
Re: Education enterprise users: a legion of hackers and victims.
I agree. Unless we find a way of demonstrating how a security threat may impact them personally, students would be getting it. The same goes for employees when it comes to security awareness: we can continue to talk about it, but many employees would not care about what happens to the company's network or applications.

Dr.T (User Rank: Ninja), 4/13/2015 | 12:57:49 PM
Re: Not Surprising in Schools
Agree. You can even do gamification on the phishing test; it would be fun and informative, and students would love that.

Dr.T (User Rank: Ninja), 4/13/2015 | 12:55:51 PM
Re: Not Surprising in Schools
I like the idea of phishing tests. That would help the individual, the school, and then the companies who are hiring those students. A great way of starting security awareness.

Dr.T (User Rank: Ninja), 4/13/2015 | 12:53:35 PM
Botnet grade?
This is just my take on this. No need to introduce a new term to an already complex set of terminology. There is no such thing as a botnet grade; you just need to identify what vulnerabilities and threats you are facing and evaluate risk based on that. It is as simple as Risk = Threats x Vulnerabilities. This is what we need to focus on.

madhu jy (User Rank: Apprentice), 4/13/2015 | 7:03:22 AM
Re: Not Surprising in Schools
Nice post.

Marilyn Cohodas (User Rank: Strategist), 4/10/2015 | 1:29:58 PM
Re: Not Surprising in Schools
Ryan, I've read about those phishing exercises and agree that it's a really solid way to get the message across (especially when the execs flunk the test). Not sure how well they would translate to an academic environment. But there really seems to be an urgent need for it in that environment.

RyanSepe (User Rank: Ninja), 4/10/2015 | 1:23:41 PM
Re: Not Surprising in Schools
@Marilyn. It's funny you should mention phishing tests, as many enterprises incorporate the same type of user awareness techniques. Many employees fail these tests, but it's the understanding afterwards that furthers their security presence.

To your point about conducting a phishing exercise, I very much agree. It's a simple yet very interesting way of introducing people to security.

Marilyn Cohodas (User Rank: Strategist), 4/10/2015 | 1:17:21 PM
Re: Not Surprising in Schools
Most colleges require some kind of Technology 101 class for incoming freshmen, but judging from my daughter's and her peers' information security savvy, the message needs to be much stronger. Maybe schools should make them pass a phishing test before giving them access to the network.

aws0513 (User Rank: Ninja), 4/10/2015 | 11:04:09 AM
Education enterprise users: a legion of hackers and victims.
Recently, a local large university hired a new CISO.

I told my boss I do not envy his task. A university user community is comprised of staff, educators, and students. The students are the vast majority of that population. Because students do not have the culture of security that employees may have, they can be classified as either hackers or victims of hackers.

Moreover, many schools do not implement substantial security controls on their networks because students (and some educators) begin to squawk about "internet freedom" and the "ability to conduct unfettered research". BYOD was common at universities before it was an acronym. The students expect, and in many cases are expected, to bring their own systems to the campus. I know of many campuses that have separate networks for students and staff/educators simply because of how dangerous the student side of the equation is.

Admittedly, many colleges have acceptable use policies for their enterprise networks, but it is often difficult to enforce most of these policies because of how they are written or because the college does not have very effective monitoring or forensics operations.

I distinctly remember a discussion I had with a network technician who said (paraphrased) "If we began to knuckle down on students conducting unacceptable activities on the network, we would likely have far fewer students on the rolls."

So the challenge may be: how is it possible to engage students on what good security controls and practices provide? If they understand the "why" factor of a security control they are not fond of, it may be easier to implement those controls while at the same time changing the behavior of students.

BTW... as for utility companies not doing well in the research results... there is no excuse. IMHO the cause is an apparent lack of urgency on the part of utilities to get their IT security house in order.