
Number of Malware Infections Depends on Company Policy, Not Size: Damballa

Threat detection firm Damballa has released its State of Infections Report for the second quarter of 2014.

The company has been monitoring active infections on enterprise networks and found there is no correlation between the size of an organization and the proportion of machines infected with malware. For example, Damballa has seen enterprises with more than 200,000 devices and only a handful of infections, but it has also spotted a large number of active threats on the networks of companies with roughly 500 machines.

According to the security firm, the ratio of active infections ranged between 0.1% and 18.5% on any given day. However, the company noted that not all infections are active every single day because advanced malware can stop communicating with its command and control (C&C) server for certain periods of time in an effort to evade detection.
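The dormancy problem above is easy to see in data: a daily snapshot of beaconing hosts only counts infections that are active that day, so a host that goes quiet drops out of the ratio without being clean. The following is an added illustration, not code from Damballa or from the report; the beacon events, host names and fleet size are constructed sample values.

```python
"""Daily active-infection ratio vs. hosts known infected over a window.

Added example with constructed data: each event records a day on which a host
was seen beaconing to a C&C server. A host counts as 'active' only on the days
it beaconed, so the per-day ratio undercounts hosts that are lying low.
"""
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample: (day, host) pairs where C&C beaconing was observed.
SAMPLE_EVENTS = [
    (date(2014, 4, 1), "host-a"),
    (date(2014, 4, 1), "host-b"),
    (date(2014, 4, 2), "host-a"),
    (date(2014, 4, 3), "host-c"),   # host-a and host-b are silent today
    (date(2014, 4, 4), "host-b"),
]
FLEET_SIZE = 500  # constructed: total managed devices in this fleet


def daily_active(events):
    """Map each day to the set of hosts that beaconed on that day."""
    by_day = defaultdict(set)
    for day, host in events:
        by_day[day].add(host)
    return by_day


def active_ratio(events, day, fleet_size):
    """Fraction of the fleet beaconing on one day: the snapshot-style ratio."""
    return len(daily_active(events).get(day, set())) / fleet_size


def infected_over_window(events, start, days):
    """Hosts seen beaconing at least once in [start, start + days)."""
    end = start + timedelta(days=days)
    return {host for day, host in events if start <= day < end}


def dormant_on(events, day, start, days):
    """Hosts known infected within the window but silent on the given day.

    These are the infections a single-day snapshot misses; a response team
    should track them as still infected rather than as resolved.
    """
    return infected_over_window(events, start, days) - daily_active(events).get(day, set())


if __name__ == "__main__":
    day = date(2014, 4, 3)
    print(f"active ratio on {day}: {active_ratio(SAMPLE_EVENTS, day, FLEET_SIZE):.1%}")
    print("dormant but infected:", sorted(dormant_on(SAMPLE_EVENTS, day, date(2014, 4, 1), 4)))
```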

“Traditional malware relies on remaining hidden so it can conduct criminal activity unimpeded. The longer it goes undetected, the more damage it can do. Hidden infections bedevil enterprises who spend a lot of money and manpower to prevent malware from entering their networks,” Damballa noted in its report.

Infection rates don’t depend on a company’s size as much as they do on its policies and the security team’s ability to deploy tight controls. For example, a small company could have a high malware infection rate because its distributed network is used by third-party contractors who work mainly from outside the corporate network. This makes the security team’s task difficult, since it has no control over the contractors’ devices and can’t prevent them from downloading malware. Furthermore, network security solutions might only detect threats that directly target the organization.

On the other hand, large enterprises can be better protected if the security team denies administrative rights to general users, disables email links and USB ports, restricts inbound files, and prohibits Web browsing, Damballa said.

“As the report reveals, managing infections requires constant vigilance; advanced malware is designed to be evasive and threat actors are constantly seeking the next weakness to exploit,” said Brian Foster, CTO of Damballa. “As this report notes, there is no correlation between size of the enterprise and the rate of infected devices. Smaller organizations can have a very high ratio of infected devices and large enterprises can have low infection rates. It depends on the security controls in place. We recommend that security teams work under the assumption that prevention is not fail-proof, so the ability to automatically detect and accelerate the time to response is essential to minimizing risk.”

The report also warns of a sharp increase in Kovter ransomware attacks, with the largest number of infections detected by Damballa for a single day reaching 43,713 devices.

One thing Damballa’s report does not mention, but which is important to consider, is budgets. Larger enterprises typically have bigger budgets and more money to spend on IT security solutions and staffing, a combination that makes a difference in maintaining the ability to keep threats outside of a company network.

The complete State of Infections Report for Q2 2014 is available for download along with an infographic that sums up the findings.

Additional reporting by Mike Lennon

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
