The UK is home to more botnet Command and Control (C&C) servers than any other country in the world, suggests the latest quarterly report by Japanese security vendor Trend Micro.
The report, entitled “Turning the Tables on Cybercrime: Responding to Evolving Cybercrime Tactics”, also found that cyber attacks have intensified and increased in severity over the past three months, especially those aimed at financial institutions and the retail sector. This resulted in exposure of more than 10 million personal records.
Trend Micro found that 32 percent of known botnet C&C servers were hosted in Britain, followed by the US with 29 percent. By comparison, Germany hosts just three percent of known botnet infrastructure, and France – just one percent. This doesn’t mean that the cyber criminals themselves are based in the UK – they are simply abusing the trust towards local infrastructure providers.
“This quarter is showing that data breach events can affect anyone that stores data. There is no such thing as a ‘safe’ industry or website now,” wrote Christopher Budd, a spokesman for Trend Micro.
The report called Heartbleed the “most critical vulnerability uncovered to date”, even though there’s still no evidence it was known to cyber criminals and used in real-world attacks before being officially disclosed in April. The report notes that in the wake of the disclosure, several organisations were blinded by panic and actually upgraded from non-vulnerable to vulnerable versions of OpenSSL.
Trend Micro also reported that the obsolete Windows XP operating system, for which Microsoft no longer issues security updates, now features at least 16 unpatched vulnerabilities classified as ‘critical’.
During the past three months, Conficker remained the number one malware threat, five years after it arrived on the cyber crime scene, but the report also highlighted the growing popularity of new types of treats like mobile ransomware – malicious applications like ‘ANDROIDOS_LOCKER.A’ which encrypt the internal storage of the device and demand around $30 in exchange for the encryption key.
Meanwhile, Operation Emmental is defeating two-factor authentication by intercepting ‘session tokens’ sent to online banking customers through SMS. This sophisticated campaign continues employing a combination of spam, phishing websites and mobile malware to steal money from its victims.
“Organisations must treat information security as a primary component of a long-term business strategy rather than handling security issues as tertiary, minor setbacks,” said Raimund Genes, CTO, Trend Micro. “Similar to having a business strategy to improve efficiency, a well-thought-out security strategy should also improve current protection practices that achieve long-term benefits. The incidents observed during this quarter further establish the need for a more comprehensive approach to security.”
What do you know about famous hackers? Take our quiz!
Chinese government opens antitrust probe into Nvidia's $7bn acquisition of Mellanox, in move seen as…
Google Willow quantum chip makes significant improvements in error correction, moving quantum computing closer to…
TikTok, ByteDance ask court for emergency injunction to pause enforcement of divestiture law pending Supreme…
ChatGPT developer OpenAI reportedly discussing removal of provision that blocks Microsoft from accessing super-intelligent AI
European Commission reportedly questions Nvidia competitors, customers over business practices in AI chip market over…
Apple reportedly planning to use first-generation in-house 5G modem in iPhone SE next year, hopes…