When it comes to active malware infection, as many as 18.5% of a company's computers are actively communicating with criminals, according to Damballa's “State of Infections” report.

No firm is exempt, as this occurs across both large and small enterprises, the study found. Company policies, more so than company size, determine the “cleanliness” of any given network.

“We recommend that security teams work under the assumption that prevention is not fail proof, so the ability to automatically detect and accelerate the time to response is essential to minimizing risk,” says Brian Foster, CTO of Damballa, a firm that detects active threats and provides cyber protection and containment.

Damballa reports that the past 18 months have experienced a rise in Kovter ransomware infections, so-called because it locks the victim out of his or her computer until the victim agrees to pay a fee, which can be as high as $1,000. At its height, infections reached 43,713 devices in a single day. Month over month, average daily infections increased 153% in May and 52% in June.

However, there is some good news: Ransomware was dealt a crippling blow after the Department of Justice initiated Operation Tovar, which aimed to dismantle the GameOver Zeus botnet and its destructive payload CryptoLocker. The DOJ estimates that CryptoLocker compromised more than 260,000 computers worldwide, about half of which occurred in the U.S. More than $30 million in ransom was collected between September and December 2013, the FBI reports.

“When it comes to mass infections, we can apply best practices from Operation Tovar as a blueprint for managing global cyber public health,” Foster says. “It underscores the need for continued, co-ordinated efforts across the security community.”

These best practices for a malware takedown include:

  • Global partnerships between public and private entities
  • Criminal and civil legal processes designed to stop communications between infected computers
  • Cooperation from domain registrars who agreed to block or sinkhole the DGA elements of the infections
  • Mass notification of victims and easy access to malware removal kits.
