Connect with us

Breaches

Report: BitTorrent Malware Risks Call For Better Security Measures

Published

on

Peer-to-peer (P2P) file sharing has become a popular past time, but malware in some files can make downloading games and applications very dangerous to organizations in all types of  industries when the content is downloaded on employers’ networks.

// -- Discuss and ask questions in our community on Workplace.

BitSight-File-Sharing

A report recently released by BitSight Technologies, a Cambridge, Mass.-based security firm, assessed the cybersecurity readiness of more than 30,000 companies and found 39% of the games and 43% of the applications available for free on peer-to-peer piracy sites carry malicious software.

The most downloaded games were “Grand Theft Auto 5,” followed in order by “The Sims 4,” “Mortal Kombat X,” “FIFA 15,” and the “Witcher.”

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

“Adobe Photoshop” was the most downloaded application, followed by Microsoft Windows 8.1, Microsoft Windows 7, and Microsoft Windows 10. Education industry employees were the most frequent downloaders, followed by hospital/tourism, government and energy.

A Ground Breaking Report

The report, “Peer to Peer Peril: How BitTorrent File Sharing Impacts Vendor Risk and Security Benchmarking,” noted that many organizations ban downloading from piracy sites, but in some industries, more than 25% of companies are sharing files over the BitTorrent protocol. Some of the files are most likely legitimate, but many are classified as games, movies and other copyrighted content.

Software and games are especially dangerous since they contain executable files, as opposed to music and video files. Files that are executable authorize a user to automatically do tasks and functions without the user’s participation. For example, rather than booting up a video game menu screen, a user can be providing access to his or her employer’s payroll data.

“Grand Theft Auto 5” and Adobe Photoshop have been torrent site fixtures for years, despite the fact that Adobe said it would move to a subscription plan to prevent piracy. A random search of Kickass Torrents and Pirate Bay websites yielded hundreds of illicit files being spread by thousands of users, who presumably are from all over the globe.

Pirate Bay Closing Draws Attention

The 12-page BitSight report notes that file sharing problems have come to public light due to Sweden’s closing Pirate Bay after the U.S. threatened sanctions through the World Trade Organization. It notes that P2P file sharing became popular in the late Eighties and early Nineties thanks to websites like Limewire, Napster and Kazaa.

BitSight tracked file sharing activity on 23% of companies using the BitTorrent protocol among more than 307,000 companies that it rates for security performance. It notes that much of the activity violates corporate policies, even though there are no public metrics on how many companies forbid P2P file sharing.

File sharing is not illegal, the report notes; only sharing copyrighted content is.
P2P file sharing results from “shadow IT,” where employees download copyrighted business applications like Adobe and Microsoft products. Legal departments and IT departments are knowledgeable about the consequences of illegal sharing of copyrighted material. However, companies may not be aware of the security risks these activities pose.

The fact that BitSight researchers found that 43% of torrented applications carried malicious software in reviewing hundreds of torrented files from the BitTorrent protocol indicates businesses need to have technologies and policies that mitigate the risks these activities pose.

The report includes industry metrics as well as recommendations to help security professionals reduce this threat to vendor and corporate networks.

BitSight security ratings measure an organization’s security performance. The ratings are based on an analysis of observable data. Banks, insurers and equity companies use the ratings to mitigate third party risks, underwrite cyber insurance, benchmark security performance, manage portfolio cyber risk, and conduct M&A due diligence.

Report Uncovers Problems With File Sharing

Report findings include:
• File sharing is a common problem.
• Companies with file sharing carry lower BitSight security ratings.
• Torrented files carry a major malware business risk.
• A correlation exists between file sharing activity and botnet activity.
• Government, utilities and education industries are poor performers.

In analyzing the correlation between BitTorrent activity and botnet infections, BitSight noted high malware infection rates indicate companies with file sharing activity are more vulnerable to botnet infections.

Earlier research reinforces this finding, including a Vienna University of Technology paper, “Vanity Cracks and Malware: Insights into the Anti-Copy Protection Ecosystem.” Researchers analyzed file sharing download links and observed that a majority of the programs seek to infect the target machine with one or more malware types.

BitSight examined applications and games since these categories contain executable files that tend to be more susceptible to malware. It found that 39% of games and 54% of applications carried malicious code after running the files through file scanners and accounting for false positives.

This finding indicates a high number of files shared over the BitTorrent protocol have potentially harmful software. Researchers, after finding these files had a high rate of infection, explored whether companies with file sharing activity have more compromised machines on account of botnet infections.

BitTorrent Tied Closely  To Botnet Infections

BitSight found a correlation between botnet infections and file sharing over BitTorrent protocol. BitSight cannot demonstrate malicious software from BitTorrent files caused the infections, but it does believe companies with more BitTorrent activity are more apt to have more botnet infections.

The report notes significant differences exist among industry sectors in file sharing activity. It examined 10 industries: retail, education, government, media/entertainment, energy/utilities, tourism/hospitality, manufacturing, legal, finance and healthcare. These industries provide a diverse set of sectors in the global economy.

The research found that finance is the top performer in preventing file sharing on corporate networks. A security culture and strong regulations are credited for this.

Retailers have the most breaches. In light of breaches at Home Depot and Target, many are skeptical of retailers’ ability to prevent attacks. The report noted that 22% of retailers have file sharing activity on their networks.

Healthcare achieved a “middle of the pack” file sharing performance. This sector has a lower than average number of shares.

File sharing was found in around 25% of energy/utility sector companies. The most surprising finding here is the high average shares per entity: 2.8k. The researchers found this surprising given that energy/utilities is a highly-regulated industry.

The government sector is a poor performer. About 32% of government entities indicated some level of file sharing activity on their networks. The average number of shares per entity was 3.1k.

Also read: XcodeGhost malware threatens iOS users, FireEye warns

Government Agencies Recognize The Risks

Government agencies have cited the dangers of corporate file sharing. A 2009 bill that never got beyond the U.S. House of Representatives attempted to halt file sharing by federal employees.

Downloading copyrighted media has plagued higher education administrators. The Copyright Clearance Center noted that universities may face liability claims from students’ conduct. About 58% of education sector organizations have observed file sharing on networks. Nonetheless, share-per-entity is 1.2k, which is below that of government and energy/utilities.

BitSight examined the relationship between its security ratings and BitTorrent activity. The analysis found a significant difference in median security ratings for firms with file sharing and those without it for every industry.

Recommendations For Business

Bittorrent activity in industries

The report recommended the following guidelines for businesses:
• Have a clear file sharing policy for the corporate network and enforce it. Periodic training and updates will make employees aware of security policies. If file sharing is allowed for some purposes, there need to be policies to stop unauthorized sharing.
• Configure firewalls to prevent file sharing. Companies can adjust firewalls to stop file sharing over networks.
• Verify file sharing with continuous monitoring. BitSight provides outside-in monitoring of networks. No information is required from the rated company, providing professionals the means to identify unauthorized file sharing on a network.
• Examine file sharing activity on third party vendor networks and acquisition targets, in particular, those with access to company information. Third party risk teams need to invest in verification tools to make sure vendors adhere to their stated policies. Companies seeking to make acquisitions should review file sharing activity on the acquisition target’s network.

Steps to prevent file sharing are available on the FTC website, www.ftc.gov/tips-advice/business-center/guidance/peer-peer-file-sharing-guide-business.

Professionals Can Use Recommendations

Security professionals can use the recommendations for several uses. These include:
• Benchmarking security performance
• Managing vendor risks
• Conducting M&A due diligence
• Underwriting cyber insurance

Images from Shutterstock and BitSight.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Breaches

Ethereum Notches Two-Month High as Bitcoin Offspring Triggers Volatility

Published

on

Digital currency Ethereum climbed to a two-month high on Monday, taking some of the heat off Bitcoin and Bitcoin Cash, which have slumped since the weekend.

// -- Discuss and ask questions in our community on Workplace.

Ethereum Forges Higher Path

Concerns over Bitcoin created a favourable tailwind for Ethereum (ETH/USD), which is the world’s No. 2 digital currency by total assets. Ether’s price topped $340.00 on Monday and later settled at $323.54. That was the highest since June 20.

At its peak, ether was up 10% on the day and 70% for the month of August.

The ETH/USD was last down 2.2% at $315.02, according to Bitfinex. Prices are due for a brisk recovery, based on the daily momentum indicators.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Fractured Bitcoin Community

Bitcoin and its offshoot, Bitcoin Cash, retreated on Monday following a volatile weekend. The BTC/USD slumped at the start of the week and was down more than 3% on Tuesday, with prices falling below $3,900.00. Just last week, Bitcoin was trading at new records near $4,500.00.

Bitcoin Cash, which emerged after the Aug. 1 hard fork, climbed to new records on Saturday, but has been in free-fall ever since. The BTH was down another 20% on Tuesday to $594.49, according to CoinMarketCap. Its total market value has dropped by several billion over the past two days.

Analysts say that a “fractured” Bitcoin community has made Ethereum a more attractive bet this week. The ether token has shown remarkable poise over the past seven days, despite trading well shy of a new record.

Other drivers behind Ethereum’s advance are steady demand from South Korean investors and growing confidence in a smooth upgrade for the the ETH network. The upgrade, which has been dubbed “Metropolis,” is expected in the next several weeks. Its key benefits include tighter transaction privacy and greater efficiency.

Ethereum Prices Unaffected by ICO Heist

Fin-tech developer Enigma was on the receiving end of a cyber-heist on Monday after hackers took over the company’s website, mailing list and instant messaging platforms. The hack occurred three weeks before Enigma’s planned Initial Coin Offering (ICO) for September 11.

In addition to defacing the company’s website, the hackers pushed a special “pre-sale” ahead of the ICO. While many users realized it was a scam, 1,492 ether tokens – valued at $495,000 – were directed into the hackers’ cryptocurrency wallet by unsuspecting backers.

The irony in all this is that Engima is a cryptography company that prides itself on top-notch security protocols. The company issued a statement that its servers had not been compromised.

ETH/USD (Bitfinex)

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Continue Reading

Breaches

Ethereum Prices on Track for 35% Monthly Drop

Published

on

It has been a difficult month for ethereum. The world’s No. 2 digital currency has lost a third of its value over the past 30 days following a series of cyber breaches targeting vulnerable wallets and ICOs.

// -- Discuss and ask questions in our community on Workplace.

Ethereum Struggles to Regain Momentum

Ethereum (ETH/USD) was trading near $197.00 Sunday at 6:30 BST, according to Bitfinex. That represents a decline of around 5%. At current values, ethereum’s market cap was $18.4 billion.

The ETH/USD exchange rate has struggled throughout July, with prices briefly falling below $160.00. The decline, which amounted to a 60-day low, lured bargain-hunters back into the market. After surging back toward $250.00, the ETH/USD has consolidated below the $220-mark, which continues to offer strong resistance. On the opposite side of the spectrum, major support is located at $180.00.

A price recovery may prove elusive in the short-term, with the Relative Strength Index (RSI) and Stochastic indicator signalling weak underlying momentum.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Despite its recent decline, ethereum’s value has surged more than 2,200% this year.

Cyber Attacks, SEC Weigh on Market

The ethereum network suffered a large-scale cyber breach earlier this month resulting in the loss of tens of millions of dollars. A community of ethical hackers quickly banded together to “rescue” hundreds of millions of dollars worth of tokens.

Blockchain-based trading platform Coindash was also hijacked during an initial coin offering (ICO). The breach exposed Coindash’s ether wallet address, resulting in the loss of $7 million worth of ether.

The Securities and Exchange Commission (SEC) has also taken an interest in the ethereum-based ICO market. Last week, the regulator concluded that a certain multi-million dollar token sale last year violated securities law. Although ICOs have been compared to crowd-sourcing, the SEC maintained that some tokens were in fact securities.

Analysts say the SEC ruling could impact the future of ICOs, although it remains unclear how the regulator is pursuing this market. The SEC’s July 25 press release cautions investors about ICOs in general.

ETH/USD (Bitfinex)


Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Continue Reading

Breaches

Coders Safeguard Vulnerable Ethereum Wallets Following Security Breach

Published

on

hacker extortion bitcoin

Ethereum suffered large-scale security breaches last week after anonymous hackers targeted vulnerable wallets in the network, resulting in the loss of tens of millions of dollars. However, it didn’t take long for a volunteer group of coders to “rescue” the funds in 500 at-risk wallets before the same attackers could get to them too.

// -- Discuss and ask questions in our community on Workplace.

White Hat Group Takes Charge

The so-called White Hat Group showed initiative by “rescuing” the funds using the same techniques the thieves employed to compromise $32 million USD worth of ether from three multi-signature wallets. As of Monday, the White Hat Group of ethical hackers was in possession of $86 million worth of ether and an additional $122 million in tokens.

Tokens are digital assets that are sold during an Initial Coin Offering (ICO) fundraising event. They have proven to be extremely popular.

Tens of millions of dollars worth of ether and tokens have already been returned to their owners. The White Hat Group says it will issue full refunds by the end of July.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Blockchain-based trading platform Coindash was also breached last week, resulting in the loss of more than $7 million worth of ether.

Security Breaches Nothing New in Crypto World

For all its benefits, cryptocurrency has been vulnerable to several high-profile security breaches. Last summer, Hong Kong-based Bitfinex was the target of a major attack that resulted in the theft of around $70 million worth of bitcoins. In response, the exchange announced a controversial plans to “socialize” its losses among all users. Each Bitfinex trader was docked 36% as a result.

Bitcoin prices declined sharply following the attack, stopping what had been a blistering summer of gains.

Ethereum Enterprise Alliance

For anyone doubting the potential of the ether, take a look at the list of companies participating in the Enterprise Ethereum Alliance (EEA). The EEA is a forum that connects Fortune 500 companies, startups and academics with ethereum subject matter experts.  The EEA is made up of multinational banks and some of the world’s biggest technology companies.

The forum has made cyber security a top priority, according to a May 22 press release. In the release, companies like Infosys, Mitsubishi UFJ Financial Group, Synechron and others expressed their intent to contribute to the future of ethereum’s security.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Continue Reading

Trending