Every three minutes, a botnet communicates with its command and control centre while every 24 hours, company networks are infected with a new botnet.
Research by Check Point, based on analysis of monitored security events from over 10,000 organisations found that malware is downloaded every ten minutes in 84 per cent of the respondents.
It also found that every ten minutes, a known malware variant is being downloaded to company networks and every 27 minutes a new, unknown malware variant is being downloaded to company networks.
Commenting, Ian Pratt, co-founder of Bromium, said that the statistics were shocking, but not surprising. “In an Enterprise of a hundred thousand users, just think how many emails get opened and website links are clicked on in a typical day,” he said.
“For a typical Enterprise, most of this malware is just noise, not particularly targeted at them or their users. The only reason security products are detecting them is that the malware authors are making no particularly attempt to be stealthy.
“Malware that is targeted is likely to be a lot nastier and harder to spot, intent on theft of intellectual property, bulk personal information, or creating fraudulent transactions. At best these kinds of malware are not detected until months later, if at all. Hence it’s even possible the situation may be even worse than revealed in the report. Only the bad guys know.”
Tom Cross, director of security research at Lancope, said: “Check Point’s study provides a quantitative account of the reality that information security professionals know that they are contending with – their networks are compromised on a regular basis by threat actors who are able to evade the perimeter defences that they have in place. Once these sophisticated malware samples get a foothold on your network, you’ve got to do more than detect them, you’ve got to piece together what they’ve been doing on your network in order to understand whether the infection was benign or malignant.
“Some threat actors have a long term interest in stealing data from your organization, and will pivot from an initial infection point to compromise multiple machines in your network with different malware samples that have different characteristics, so that if you clean up one sample family, there are others that the attacker can use to maintain control of your network.
“Therefore, information security programs need to balance investments in preventative technologies with robust incident response and investigative capabilities. The nature of incident response is changing from a clean-up task that happens after a breach has occurred into a constant business process in which you are hunting for infections on your network all the time, attempting to understand them, and applying that understanding to better protecting the organisation from future attacks.”
In terms of the botnet infections, Check Point found that a host was infected by a bot every 24 hours while in 2013, at least one bot was detected in 73 per cent of organisations, an increase from 63 per cent in 2012. Organisations also struggled with containing bots, as 77 per cent of bots are active for more than four weeks.
