Peer-to-peer (P2P) file sharing has become a popular past time, but malware in some files can make downloading games and applications very dangerous to organizations in all types of industries when the content is downloaded on employers’ networks.
A report recently released by BitSight Technologies, a Cambridge, Mass.-based security firm, assessed the cybersecurity readiness of more than 30,000 companies and found 39% of the games and 43% of the applications available for free on peer-to-peer piracy sites carry malicious software.
The most downloaded games were “Grand Theft Auto 5,” followed in order by “The Sims 4,” “Mortal Kombat X,” “FIFA 15,” and the “Witcher.”
“Adobe Photoshop” was the most downloaded application, followed by Microsoft Windows 8.1, Microsoft Windows 7, and Microsoft Windows 10. Education industry employees were the most frequent downloaders, followed by hospital/tourism, government and energy.
A Ground Breaking Report
The report, “Peer to Peer Peril: How BitTorrent File Sharing Impacts Vendor Risk and Security Benchmarking,” noted that many organizations ban downloading from piracy sites, but in some industries, more than 25% of companies are sharing files over the BitTorrent protocol. Some of the files are most likely legitimate, but many are classified as games, movies and other copyrighted content.
Software and games are especially dangerous since they contain executable files, as opposed to music and video files. Files that are executable authorize a user to automatically do tasks and functions without the user’s participation. For example, rather than booting up a video game menu screen, a user can be providing access to his or her employer’s payroll data.
“Grand Theft Auto 5” and Adobe Photoshop have been torrent site fixtures for years, despite the fact that Adobe said it would move to a subscription plan to prevent piracy. A random search of Kickass Torrents and Pirate Bay websites yielded hundreds of illicit files being spread by thousands of users, who presumably are from all over the globe.
Pirate Bay Closing Draws Attention
The 12-page BitSight report notes that file sharing problems have come to public light due to Sweden’s closing Pirate Bay after the U.S. threatened sanctions through the World Trade Organization. It notes that P2P file sharing became popular in the late Eighties and early Nineties thanks to websites like Limewire, Napster and Kazaa.
BitSight tracked file sharing activity on 23% of companies using the BitTorrent protocol among more than 307,000 companies that it rates for security performance. It notes that much of the activity violates corporate policies, even though there are no public metrics on how many companies forbid P2P file sharing.
File sharing is not illegal, the report notes; only sharing copyrighted content is.
P2P file sharing results from “shadow IT,” where employees download copyrighted business applications like Adobe and Microsoft products. Legal departments and IT departments are knowledgeable about the consequences of illegal sharing of copyrighted material. However, companies may not be aware of the security risks these activities pose.
The fact that BitSight researchers found that 43% of torrented applications carried malicious software in reviewing hundreds of torrented files from the BitTorrent protocol indicates businesses need to have technologies and policies that mitigate the risks these activities pose.
The report includes industry metrics as well as recommendations to help security professionals reduce this threat to vendor and corporate networks.
BitSight security ratings measure an organization’s security performance. The ratings are based on an analysis of observable data. Banks, insurers and equity companies use the ratings to mitigate third party risks, underwrite cyber insurance, benchmark security performance, manage portfolio cyber risk, and conduct M&A due diligence.
Report Uncovers Problems With File Sharing
Report findings include:
• File sharing is a common problem.
• Companies with file sharing carry lower BitSight security ratings.
• Torrented files carry a major malware business risk.
• A correlation exists between file sharing activity and botnet activity.
• Government, utilities and education industries are poor performers.
In analyzing the correlation between BitTorrent activity and botnet infections, BitSight noted high malware infection rates indicate companies with file sharing activity are more vulnerable to botnet infections.
Earlier research reinforces this finding, including a Vienna University of Technology paper, “Vanity Cracks and Malware: Insights into the Anti-Copy Protection Ecosystem.” Researchers analyzed file sharing download links and observed that a majority of the programs seek to infect the target machine with one or more malware types.
BitSight examined applications and games since these categories contain executable files that tend to be more susceptible to malware. It found that 39% of games and 54% of applications carried malicious code after running the files through file scanners and accounting for false positives.
This finding indicates a high number of files shared over the BitTorrent protocol have potentially harmful software. Researchers, after finding these files had a high rate of infection, explored whether companies with file sharing activity have more compromised machines on account of botnet infections.
BitTorrent Tied Closely To Botnet Infections
BitSight found a correlation between botnet infections and file sharing over BitTorrent protocol. BitSight cannot demonstrate malicious software from BitTorrent files caused the infections, but it does believe companies with more BitTorrent activity are more apt to have more botnet infections.
The report notes significant differences exist among industry sectors in file sharing activity. It examined 10 industries: retail, education, government, media/entertainment, energy/utilities, tourism/hospitality, manufacturing, legal, finance and healthcare. These industries provide a diverse set of sectors in the global economy.
The research found that finance is the top performer in preventing file sharing on corporate networks. A security culture and strong regulations are credited for this.
Retailers have the most breaches. In light of breaches at Home Depot and Target, many are skeptical of retailers’ ability to prevent attacks. The report noted that 22% of retailers have file sharing activity on their networks.
Healthcare achieved a “middle of the pack” file sharing performance. This sector has a lower than average number of shares.
File sharing was found in around 25% of energy/utility sector companies. The most surprising finding here is the high average shares per entity: 2.8k. The researchers found this surprising given that energy/utilities is a highly-regulated industry.
The government sector is a poor performer. About 32% of government entities indicated some level of file sharing activity on their networks. The average number of shares per entity was 3.1k.
Government Agencies Recognize The Risks
Government agencies have cited the dangers of corporate file sharing. A 2009 bill that never got beyond the U.S. House of Representatives attempted to halt file sharing by federal employees.
Downloading copyrighted media has plagued higher education administrators. The Copyright Clearance Center noted that universities may face liability claims from students’ conduct. About 58% of education sector organizations have observed file sharing on networks. Nonetheless, share-per-entity is 1.2k, which is below that of government and energy/utilities.
BitSight examined the relationship between its security ratings and BitTorrent activity. The analysis found a significant difference in median security ratings for firms with file sharing and those without it for every industry.
Recommendations For Business
The report recommended the following guidelines for businesses:
• Have a clear file sharing policy for the corporate network and enforce it. Periodic training and updates will make employees aware of security policies. If file sharing is allowed for some purposes, there need to be policies to stop unauthorized sharing.
• Configure firewalls to prevent file sharing. Companies can adjust firewalls to stop file sharing over networks.
• Verify file sharing with continuous monitoring. BitSight provides outside-in monitoring of networks. No information is required from the rated company, providing professionals the means to identify unauthorized file sharing on a network.
• Examine file sharing activity on third party vendor networks and acquisition targets, in particular, those with access to company information. Third party risk teams need to invest in verification tools to make sure vendors adhere to their stated policies. Companies seeking to make acquisitions should review file sharing activity on the acquisition target’s network.
Steps to prevent file sharing are available on the FTC website, www.ftc.gov/tips-advice/business-center/guidance/peer-peer-file-sharing-guide-business.
Professionals Can Use Recommendations
Security professionals can use the recommendations for several uses. These include:
• Benchmarking security performance
• Managing vendor risks
• Conducting M&A due diligence
• Underwriting cyber insurance
Images from Shutterstock and BitSight.
Ethereum Notches Two-Month High as Bitcoin Offspring Triggers Volatility
Digital currency Ethereum climbed to a two-month high on Monday, taking some of the heat off Bitcoin and Bitcoin Cash, which have slumped since the weekend.
Ethereum Forges Higher Path
Concerns over Bitcoin created a favourable tailwind for Ethereum (ETH/USD), which is the world’s No. 2 digital currency by total assets. Ether’s price topped $340.00 on Monday and later settled at $323.54. That was the highest since June 20.
At its peak, ether was up 10% on the day and 70% for the month of August.
The ETH/USD was last down 2.2% at $315.02, according to Bitfinex. Prices are due for a brisk recovery, based on the daily momentum indicators.
Fractured Bitcoin Community
Bitcoin and its offshoot, Bitcoin Cash, retreated on Monday following a volatile weekend. The BTC/USD slumped at the start of the week and was down more than 3% on Tuesday, with prices falling below $3,900.00. Just last week, Bitcoin was trading at new records near $4,500.00.
Bitcoin Cash, which emerged after the Aug. 1 hard fork, climbed to new records on Saturday, but has been in free-fall ever since. The BTH was down another 20% on Tuesday to $594.49, according to CoinMarketCap. Its total market value has dropped by several billion over the past two days.
Analysts say that a “fractured” Bitcoin community has made Ethereum a more attractive bet this week. The ether token has shown remarkable poise over the past seven days, despite trading well shy of a new record.
Other drivers behind Ethereum’s advance are steady demand from South Korean investors and growing confidence in a smooth upgrade for the the ETH network. The upgrade, which has been dubbed “Metropolis,” is expected in the next several weeks. Its key benefits include tighter transaction privacy and greater efficiency.
Ethereum Prices Unaffected by ICO Heist
Fin-tech developer Enigma was on the receiving end of a cyber-heist on Monday after hackers took over the company’s website, mailing list and instant messaging platforms. The hack occurred three weeks before Enigma’s planned Initial Coin Offering (ICO) for September 11.
In addition to defacing the company’s website, the hackers pushed a special “pre-sale” ahead of the ICO. While many users realized it was a scam, 1,492 ether tokens – valued at $495,000 – were directed into the hackers’ cryptocurrency wallet by unsuspecting backers.
The irony in all this is that Engima is a cryptography company that prides itself on top-notch security protocols. The company issued a statement that its servers had not been compromised.
Ethereum Prices on Track for 35% Monthly Drop
It has been a difficult month for ethereum. The world’s No. 2 digital currency has lost a third of its value over the past 30 days following a series of cyber breaches targeting vulnerable wallets and ICOs.
Ethereum Struggles to Regain Momentum
Ethereum (ETH/USD) was trading near $197.00 Sunday at 6:30 BST, according to Bitfinex. That represents a decline of around 5%. At current values, ethereum’s market cap was $18.4 billion.
The ETH/USD exchange rate has struggled throughout July, with prices briefly falling below $160.00. The decline, which amounted to a 60-day low, lured bargain-hunters back into the market. After surging back toward $250.00, the ETH/USD has consolidated below the $220-mark, which continues to offer strong resistance. On the opposite side of the spectrum, major support is located at $180.00.
A price recovery may prove elusive in the short-term, with the Relative Strength Index (RSI) and Stochastic indicator signalling weak underlying momentum.
Despite its recent decline, ethereum’s value has surged more than 2,200% this year.
Cyber Attacks, SEC Weigh on Market
The ethereum network suffered a large-scale cyber breach earlier this month resulting in the loss of tens of millions of dollars. A community of ethical hackers quickly banded together to “rescue” hundreds of millions of dollars worth of tokens.
Blockchain-based trading platform Coindash was also hijacked during an initial coin offering (ICO). The breach exposed Coindash’s ether wallet address, resulting in the loss of $7 million worth of ether.
The Securities and Exchange Commission (SEC) has also taken an interest in the ethereum-based ICO market. Last week, the regulator concluded that a certain multi-million dollar token sale last year violated securities law. Although ICOs have been compared to crowd-sourcing, the SEC maintained that some tokens were in fact securities.
Analysts say the SEC ruling could impact the future of ICOs, although it remains unclear how the regulator is pursuing this market. The SEC’s July 25 press release cautions investors about ICOs in general.
Coders Safeguard Vulnerable Ethereum Wallets Following Security Breach
Ethereum suffered large-scale security breaches last week after anonymous hackers targeted vulnerable wallets in the network, resulting in the loss of tens of millions of dollars. However, it didn’t take long for a volunteer group of coders to “rescue” the funds in 500 at-risk wallets before the same attackers could get to them too.
White Hat Group Takes Charge
The so-called White Hat Group showed initiative by “rescuing” the funds using the same techniques the thieves employed to compromise $32 million USD worth of ether from three multi-signature wallets. As of Monday, the White Hat Group of ethical hackers was in possession of $86 million worth of ether and an additional $122 million in tokens.
Tokens are digital assets that are sold during an Initial Coin Offering (ICO) fundraising event. They have proven to be extremely popular.
Tens of millions of dollars worth of ether and tokens have already been returned to their owners. The White Hat Group says it will issue full refunds by the end of July.
Blockchain-based trading platform Coindash was also breached last week, resulting in the loss of more than $7 million worth of ether.
Security Breaches Nothing New in Crypto World
For all its benefits, cryptocurrency has been vulnerable to several high-profile security breaches. Last summer, Hong Kong-based Bitfinex was the target of a major attack that resulted in the theft of around $70 million worth of bitcoins. In response, the exchange announced a controversial plans to “socialize” its losses among all users. Each Bitfinex trader was docked 36% as a result.
Bitcoin prices declined sharply following the attack, stopping what had been a blistering summer of gains.
Ethereum Enterprise Alliance
For anyone doubting the potential of the ether, take a look at the list of companies participating in the Enterprise Ethereum Alliance (EEA). The EEA is a forum that connects Fortune 500 companies, startups and academics with ethereum subject matter experts. The EEA is made up of multinational banks and some of the world’s biggest technology companies.
The forum has made cyber security a top priority, according to a May 22 press release. In the release, companies like Infosys, Mitsubishi UFJ Financial Group, Synechron and others expressed their intent to contribute to the future of ethereum’s security.
- Long-Term Cryptocurrency Analysis: Bitcoin Flirts with $8000 as Altcoin Bull Persists November 18, 2017
- Trade Recommendation: Zcash November 18, 2017
- Trade Recommendation: Bitcoin November 18, 2017
- Segwit2x: The Hard Fork That Failed to Activate November 18, 2017
- Hacked.com Weekly Webinar Series: Nov. 17 Edition November 18, 2017
- NEO Is Crushing It Today November 18, 2017
- Week in Review: Bitcoin Returns to Record Highs, Stocks Falter Amid Volatility November 18, 2017
- Technical Analysis: Litecoin and NEO Jump as Bitcoin Trades near $8000 November 17, 2017
- XRP Looking to Make a Significant Rally November 17, 2017
- Trade Recommendation: Ethereum Classic November 17, 2017
A part of CCN
Analysis1 week ago
Long-Term Cryptocurrency Analysis: Bitcoin Enters Correction as Altcoins Break Out
Cryptocurrencies4 days ago
Trade Recommendation: Bitcoin Cash
Altcoins1 week ago
Bitcoin Cash (BCH) and Bitcoin (BTC) Showdown – Let the Fight Begin
Cryptocurrencies1 week ago
Trade Recommendation: Bitcoin Cash
Cryptocurrencies1 week ago
Trade Recommendation: Litecoin
Analysis1 week ago
Technical Analysis: Bitcoin Breaks Below $7000, Altcoins Pull Back, As Bitcoin Cash Jumps
Cryptocurrencies5 days ago
Trade Recommendation: Ethereum Classic
Cryptocurrencies1 week ago
Trade Recommendation: Ethereum Classic