Companies with lax security procedures can become a breeding ground for malware, with infection rates reaching 18.5 percent, according to network-security firm Damballa.
Organizations that allow contractors and third parties to access their network, do not restrict mobile devices, and allow users to have administrative rights on their systems suffer much higher rates of malware compromise than stricter companies, Damballa found in its analysis of network data published on Aug. 13.
Companies should take strict measures—such as disabling email links and USB ports—to keep malicious code from infecting their systems or propagating inside their networks, Brian Foster, the firm’s chief technology officer, told eWEEK.
“There is not a cookie-cutter solution—not everyone can do the exact same thing and be done,” Foster said. “Some organizations will have to allow contractors to access critical data. But there are things you can do to minimize your vulnerability to malware.”
Managing privileged users and restricting network access to authorized devices are two other steps that companies can take to minimize their vulnerability to malware infections. Damballa based its analysis on network data, creating alerts when customers’ computers and devices connected to known malicious systems. The company then confirmed that malware had infected the computers.
For the second quarter of 2014, infection rates varied from 0.1 percent to 18.5 percent, the company said in its report.
An increasing threat among businesses, for example, is ransomware. While law enforcement’s crackdown on GameOver Zeus and the CryptoLocker ransomware program in June has destroyed the profits of the group behind the programs, other ransomware continues to spread.
Ransomware locks computers or encrypts the data on the devices until a victim pays a ransom fee. The group behind the original CryptoLocker program likely collected millions in payments; the FBI estimated $30 million at the time of the takedown.
While a new version of GameOver Zeus has begun spreading, it has yet to make significant gains.
A different ransomware attack, known as Kovter, has taken off, however. In June, infections jumped 300 percent over April’s count, according to Damballa’s data. Kovter is a form of “police ransomware,” which accuses the user of a crime—in this case, downloading child pornography—and threatens to arrest the victim unless a fine is paid.
The malware infection rates did not depend on the size of the company, Damballa stated in its report. Some larger companies had thousands of infected systems, while some smaller firms had only a handful, and vice versa, Foster said.
“The example with the 18 percent is a company that has a bunch of contractors,” he said. “That company went back to the contractors and created a policy to enforce clean systems.”
In another case, a surge in infected systems at a university occurred every time students returned from semester breaks to resume studies.
Some best practices that companies should consider implementing include limiting workers’ privileges on their computer systems, restricting Internet browsing, disabling USB ports, running downloaded files in a sandbox or on the Internet, and disabling email links, the company said.