Categories: Security

Check Point Security Report 2014 – Malware in the enterprise

Check Point 2014 Security Report shows major security events occurred in 2013 show and provides useful information on current malware trends.

Check Point Software Technologies published 2014 Security Report to highlight major security events occurred last year and show current malware trends. The data were collected monitoring network traffic from 996 organizations of various industries.

Nearly 84 percent of organizations found infected with malicious code, the experts at Check Point estimated that 2.2 pieces of unknown malware hitting enterprises once every hour.

The repercussions under security perspective are serious, 88 percent of organizations suffered a data breach at least once last year, an increment of 34 percent respect 2012. As it has been reported by other studies of other security firms, financial institutions, healthcare and insurance companies were the most affected enterprises.

In 2013 we assisted to a significant increase of botnet infections, they increased by about 10%, from 63 percent in 2012 to 73 percent in 2013, less than 10 percent of antivirus software had detected unknown malware with serious consequences.

“It is important to distinguish between unknown malware and what are often referred to as “zeroday” exploits. Zero-day malware exploits a previously unknown and unreported vulnerability for which there is no patch.Unknown malware refers to malicious code that exploits a known vulnerability or weakness, but cannot be detected at the time of its discovery even by up-to-date antivirus, anti-bot or Intrusion Prevention System (IPS) solutions. The window of effectiveness for an unknown malware is often only 2–3 days, because its existence in the wild gives antivirus vendors time to detect it on their global networks and build signatures for it.” states the study.

According 2014 Security Report, nearly 33 percent of organizations have downloaded at least one file infected by unknown malicious code, 35 percent of infected file were PDF files, 33 percent were .EXE files and 27 percent archive.

It is a scaring scenario, if we consider that enterprise systems and networks were infected by a malware very 24 hours, 60 percent of organizations downloads malware every two hours or less (in 2012 the percentage was 14%), while the researchers detected a bot communication with its command and control server every three minutes.

“The prevalence of bot infections within enterprises is staggering,””Check Point also found that 77 percent of bots were active within enterprises for more than four weeks. With all of this in mind, it is important for organizations to deploy threat prevention technologies to identify and contain the spread of malware, as well as even prevent initial infection.” said Kellman Meghu, head of security engineering at Check Point.

The 2014 Security Report confirmed that risky applications in enterprises are becoming a serious issue, for example, 63 percent of enterprises found BitTorrent use internally, a significant jump respect 40 percent in 2012.

Patch management is another security lack for some enterprises, 14 percent of their endpoints were not running the most recent Windows service packs, and 33 percent of endpoints were running out-of-date versions of common applications like Adobe and Java software or Internet Explorer.

Wrong habits concur to aggravate the situation as explained in the report.

“Clients are often left vulnerable by important protection capabilities that have been disabled,” “For example, almost one quarter (23 percent) of enterprise endpoints analyzed by Check Point did not have a desktop firewall enabled, and more than half (53 percent) had enabled Bluetooth, exposing them to wireless attacks in public spaces.” states the report.

Let’s close with curious insights provided in Check Point 2014 Security Report:

Every 49 minutes, sensitive data is sent outside an organization
Every minute, a host visits a malicious website
Every nine minutes, a high-risk application is being used (think BitTorrent)
Every 27 minutes, unknown malware is downloaded

As usual, I suggest you to read the report.

Pierluigi Paganini

(Security Affairs – Check Point 2014 Security Report, malware)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.