Bots, viruses, breaches and attacks are a constant and real threat to the information security of organisations, says Amnon Bar-Lev, president of Check Point.
This was the main finding of the security firm’s latest security report, which is based on real-world incidents, he told delegates at its CPX2013 customer and partner event in Barcelona.
Check Point analysed 120,000 hours of network traffic at 900 organisations across all industries in 62 countries between August and October 2012.
The data revealed that botnets of hijacked computers are one of the most significant security threats that organisations are facing.
The hijacked computers can be controlled remotely by cyber criminals to steal data, distribute spam and malware, and carry out distributed denial-of-service (DDoS) attacks without the knowledge of users.
Bar-Lev said this is relevant because the research found that 63% of organisations monitored were infected with at least one bot, but most were infected by a variety of bots.
When a bot infects a computer, it typically takes control of the machine and neutralises anti-virus defences before establishing communication links with its command and control (C&C) centre.
Thousands of botnets exist in the wild, but the top botnets include Zeus, Zwangi, Sality, Kuluoz, Papras and Juasek, which Bar-Lev highlighted for its ability to open a command shell and search, create, delete and send files outside an organisation.
In recognition of the fact that botnets present one of the most prominent network security threats, Check Point has pioneered anti-bot software to detect bot activity and prevent damage by blocking communications with C&C centres.
“Detection alone is not enough; organisations need to be able to prevent damage as part of a multi-layered approach to information security,” said Bar-Lev.
Other key elements include anti-virus backed up by real-time threat intelligence, threat emulation capability to identify previously unknown malware, and intrusion prevention systems.
As web applications have become mainstream in business, they have become a major channel for malware infections, said Bar-Lev.
“Some applications have become very risky as cyber criminals use a growing number of them to carry out attacks,” he said.
The research found that in 91% of organisations, employees were using applications with a potential to bypass security, hide identities, leak data or introduce malware.
In 61% of organisations, the research found that peer-to-peer (P2P) applications were being used to share files, which is a big security problem said Bar-Lev.
“These applications connect an unknown community with a trusted network, effectively opening up a back door into an organisation,” he said.
Organisations need to implement secure web gateways and URL filtering supported by real-time intelligence to prevent access to bad websites and control the use of high-risk apps, said Bar-Lev.
SQL-injection attacks also featured prominently in the data analysed, highlighting how attacks tend to be based on vulnerabilities in applications.
Attackers typically inject SQL (structured query language) code into a web input form to gain access to back-end resources and steal or change stored information such as usernames and passwords.
In one 2012 attack against an Italian academic institution, said Bar-Lev, there were over 6,000 attempts to inject code, with 4,000 taking place in the first two days.
Apart from bots and malicious web apps, including P2P application, businesses are still getting hit by known viruses, said Bar-Lev.
The research found that 53% of organisations are not using the latest security patches for operating systems and business applications.
“Businesses still need to patch regularly as around 5,000 new vulnerabilities are exposed every year, and failure to patch against these increases the risk of attack,” said Bar-Lev.
In conclusion, he said technology alone is not enough to keep an organisation’s information assets secure because data loss is mostly caused by employees and mostly by mistake.
“For example, the Stoke-on-Trent City Council in the UK was fined £120,000 in October 2012 after a member of staff sent emails containing sensitive information to the wrong address,” he said.
Eleven emails intended for a lawyer working on a case were sent to the wrong email address because of a typing error.
The research revealed that 54% of organisations had experienced at least one incident indicating potential data loss, and in 28% of organisations an internal email was sent to an external recipient.
In light of the findings, Bar-Lev said Check Point believes that the most effective approach to information security is based on full network visibility, centralised management and secure infrastructure.
11 Apr 2013