The vulnerability of government, business and
individuals to cyber attack was demonstrated when a botnet hijacked
1.9 million computers.
International authorities are hunting six members of the
cybergang that bypassed 90% of antivirus products to build one of
the largest known botnets in just two months.
The sophistication of the malware and rapid infection rate
proves cybercriminals are raising the bar, says said
Yuval Ben-Itzhak, CTO of security firm
Finjan that discovered the botnet.
The gang's ability to set up such a big botnet in such a short
period of time shows just how vulnerable organisations are to this
type of attack, he says.
The botnet infiltrated 77 government departments and hundreds of
large corporations, including six local government departments and
500 companies in the UK.
The cybercriminals were able to infect computers through
legitimate websites with malware designed to take advantage of
security vulnerabilities in a range of browsers.
Ken Munro, director of the penetration testing division at NCC
Group, says most organisations neglect desktop computer security on
their networks.
"Security patching of internet-facing servers is usually good,
but that is definitely not the case when it comes to the rest of
the network in most organisations," he says.
Organisations should ensure that security patches on every
computer on their network are up to date to minimise the risk, says
Munro.
Ben-Itzhak and Munro agree traditional defences such as
firewalls and anti-virus are no longer enough, but organisations
need to a multi-layered approach to security.
This involves combining web security, data leakage prevention
and URL filtering to strengthen the network perimeter as well as
ensuring the internal network is secure.
Opinion: The unanticipated consequences of BBC Click's botnet crime
>>