The command and control centres (C&C) for more than half of the world’s botnets are in the US, not China, says...
security firm CheckPoint.
A recent report by US cyber security firm Mandiant said a Chinese military base in Shanghai is one of the world's "most prolific cyber espionage groups," yet only 4% of botnets are controlled from China.
Conversely, 58% of botnets that have hijacked computers in 63% of organisations worldwide have their C&C centres in the US, according to latest enterprise security report from CheckPoint.
The report highlights that 53% of those hijacked computers were infected with new malware at least once a day as a result of existing infections on their networks.
Some 70% of the bots detected in 2012, across more than 800 companies worldwide, communicated with their external C&C centre at least every two hours.
This exposes enterprises to unnecessary risk as the software they are using does not include the latest security protections.
Also, 44% were not using the latest Microsoft Windows Service Packs, which include the latest Microsoft security updates.
Read more about botnets
- Microsoft uses disruption strategy to tackle botnets
- Setting up a botnet is easier than you think
- Security researchers join forces to bring down Grum botnet
- Microsoft disrupts Nitol botnet, outs hidden PC malware
- Kelihos botnet operator named in Microsoft botnet lawsuit
- Botnet removal: Detect botnet infection and prevent re-infiltration
According to the report, 91% of organisations used applications with potential security risks, giving hackers an unprecedented range of options for penetrating corporate networks.
Some 61% of organisations were found to be using P2P file-sharing, 43% using anonymiser applications, and 69% of organisations were found to be using Dropbox for cloud storage.
In the majority of cases, the report said this usage conflicted with the organisation’s web usage and security policies, and could potentially open a backdoor to networks.
The report said 54% of organisations had at least one potential data loss incident as a result of emails being sent in error to an external recipient, or information being incorrectly posted online.
Credit card information was the most common type of sensitive information sent outside organisations (29%), and public sector bodies and financial companies were the most likely to do this.
“Our research uncovered many alarming vulnerabilities and security threats on networks that most organisations were not aware of,” said Amnon Bar-Lev, president of CheckPoint.
“With clearer visibility of these, IT professionals can now better define a security blueprint to protect their organisations from the constant stream of evolving security threats, ranging from botnets, to employees using risky web applications like anonymisers, to data loss,” he said.