Over half of botnet control centres in the US, says Check Point

The command and control centres (C&C) for more than half of the world’s botnets are in the US, not China, says security firm CheckPoint


A recent report by US cyber security firm Mandiant said a Chinese military unit based in Shanghai is one of the world's "most prolific cyber espionage groups", yet only 4% of botnets are controlled from China.

Conversely, bots were found in 63% of organisations worldwide, and 58% of those botnets have their C&C centres in the US, according to the latest enterprise security report from Check Point.

The report highlights that 53% of those hijacked computers were infected with new malware at least once a day as a result of existing infections on their networks.

Some 70% of the bots detected in 2012, across more than 800 companies worldwide, communicated with their external C&C centre at least every two hours. 

It also highlighted that 75% of organisations are not using the latest software versions in popular software such as Adobe Acrobat Reader, Adobe Flash Player, Microsoft Internet Explorer and Java.

This exposes enterprises to unnecessary risk, as the software they are running lacks the latest security fixes.

Also, 44% were not using the latest Microsoft Windows Service Packs, which include the latest Microsoft security updates. 

According to the report, 91% of organisations used applications with potential security risks, giving hackers an unprecedented range of options for penetrating corporate networks.

Some 61% of organisations were found to be using P2P file-sharing, 43% using anonymiser applications, and 69% of organisations were found to be using Dropbox for cloud storage.

In the majority of cases, the report said this usage conflicted with the organisation’s web usage and security policies, and could potentially open a backdoor to networks. 

The report said 54% of organisations had at least one potential data loss incident as a result of emails being sent in error to an external recipient, or information being incorrectly posted online. 

Credit card information was the most common type of sensitive information sent outside organisations (29%), and public sector bodies and financial companies were the most likely to do this.

“Our research uncovered many alarming vulnerabilities and security threats on networks that most organisations were not aware of,” said Amnon Bar-Lev, president of Check Point.

“With clearer visibility of these, IT professionals can now better define a security blueprint to protect their organisations from the constant stream of evolving security threats, ranging from botnets, to employees using risky web applications like anonymisers, to data loss,” he said.


1 comment


Hi Warwick,

The only surprising thing to me in this report is that "more than half of the organizations studied had at least one potential data loss incident." Given the sophistication of today's threats — both outside and insider — my guess is that the real number is closer to 80-90%. The problem is that enterprises don't know what they don't know. Some believe that ticking off the compliance checkbox will keep them safe, but it just gives them a false sense of security. Compliance laws are analogous to seatbelt laws — necessary, but not sufficient to keep you from suffering when really bad things happen. And the days of putting a perimeter around everything are long gone. What enterprises need to do is protect what matters — the sensitive data on their servers — by putting a data-centric control in place that will protect the data itself. The control must be able to ensure that when (not if) attackers get to the sensitive data on servers (financial information, databases, intellectual property, etc.) it is protected with sophisticated encryption that places a firewall of sorts around data.

CISOs need to put the right policies in place, including centralized key management and fine-grained access control so that insiders can do their jobs, but valuable information is kept safe. Having the right protection and security intelligence reporting at the file and database level can help organizations identify suspicious activity before an extensive breach occurs. As these past few weeks have seen, the magnitude and breadth of the threat landscape is only going to get bigger. Organizations of all sizes must realize that they cannot rely on flying under the radar when it comes to threats.