Botnet shows organisations vulnerable to cyber attack

News Analysis

Botnet shows organisations vulnerable to cyber attack

Warwick Ashford

The vulnerability of government, business and individuals to cyber attack was demonstrated when a botnet hijacked 1.9 million computers.

International authorities are hunting six members of the cybergang that bypassed 90% of antivirus products to build one of the largest known botnets in just two months.

The sophistication of the malware and rapid infection rate proves cybercriminals are raising the bar, says said Yuval Ben-Itzhak, CTO of security firm Finjan that discovered the botnet.

The gang's ability to set up such a big botnet in such a short period of time shows just how vulnerable organisations are to this type of attack, he says.

The botnet infiltrated 77 government departments and hundreds of large corporations, including six local government departments and 500 companies in the UK.

The cybercriminals were able to infect computers through legitimate websites with malware designed to take advantage of security vulnerabilities in a range of browsers.

Ken Munro, director of the penetration testing division at NCC Group, says most organisations neglect desktop computer security on their networks.

"Security patching of internet-facing servers is usually good, but that is definitely not the case when it comes to the rest of the network in most organisations," he says.

Organisations should ensure that security patches on every computer on their network are up to date to minimise the risk, says Munro.

Ben-Itzhak and Munro agree traditional defences such as firewalls and anti-virus are no longer enough, but organisations need to a multi-layered approach to security.

This involves combining web security, data leakage prevention and URL filtering to strengthen the network perimeter as well as ensuring the internal network is secure.

Opinion: The unanticipated consequences of BBC Click's botnet crime >>


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy