Report: BitTorrent Malware Risks Call For Better Security Measures
Peer-to-peer (P2P) file sharing has become a popular past time, but malware in some files can make downloading games and applications very dangerous to organizations in all types of industries when the content is downloaded on employers’ networks.
A report recently released by BitSight Technologies, a Cambridge, Mass.-based security firm, assessed the cybersecurity readiness of more than 30,000 companies and found 39% of the games and 43% of the applications available for free on peer-to-peer piracy sites carry malicious software.
The most downloaded games were “Grand Theft Auto 5,” followed in order by “The Sims 4,” “Mortal Kombat X,” “FIFA 15,” and the “Witcher.”
“Adobe Photoshop” was the most downloaded application, followed by Microsoft Windows 8.1, Microsoft Windows 7, and Microsoft Windows 10. Education industry employees were the most frequent downloaders, followed by hospital/tourism, government and energy.
A Ground Breaking Report
The report, “Peer to Peer Peril: How BitTorrent File Sharing Impacts Vendor Risk and Security Benchmarking,” noted that many organizations ban downloading from piracy sites, but in some industries, more than 25% of companies are sharing files over the BitTorrent protocol. Some of the files are most likely legitimate, but many are classified as games, movies and other copyrighted content.
Software and games are especially dangerous since they contain executable files, as opposed to music and video files. Files that are executable authorize a user to automatically do tasks and functions without the user’s participation. For example, rather than booting up a video game menu screen, a user can be providing access to his or her employer’s payroll data.
“Grand Theft Auto 5” and Adobe Photoshop have been torrent site fixtures for years, despite the fact that Adobe said it would move to a subscription plan to prevent piracy. A random search of Kickass Torrents and Pirate Bay websites yielded hundreds of illicit files being spread by thousands of users, who presumably are from all over the globe.
Pirate Bay Closing Draws Attention
The 12-page BitSight report notes that file sharing problems have come to public light due to Sweden’s closing Pirate Bay after the U.S. threatened sanctions through the World Trade Organization. It notes that P2P file sharing became popular in the late Eighties and early Nineties thanks to websites like Limewire, Napster and Kazaa.
BitSight tracked file sharing activity on 23% of companies using the BitTorrent protocol among more than 307,000 companies that it rates for security performance. It notes that much of the activity violates corporate policies, even though there are no public metrics on how many companies forbid P2P file sharing.
File sharing is not illegal, the report notes; only sharing copyrighted content is.
P2P file sharing results from “shadow IT,” where employees download copyrighted business applications like Adobe and Microsoft products. Legal departments and IT departments are knowledgeable about the consequences of illegal sharing of copyrighted material. However, companies may not be aware of the security risks these activities pose.
The fact that BitSight researchers found that 43% of torrented applications carried malicious software in reviewing hundreds of torrented files from the BitTorrent protocol indicates businesses need to have technologies and policies that mitigate the risks these activities pose.
The report includes industry metrics as well as recommendations to help security professionals reduce this threat to vendor and corporate networks.
BitSight security ratings measure an organization’s security performance. The ratings are based on an analysis of observable data. Banks, insurers and equity companies use the ratings to mitigate third party risks, underwrite cyber insurance, benchmark security performance, manage portfolio cyber risk, and conduct M&A due diligence.
Report Uncovers Problems With File Sharing
Report findings include:
• File sharing is a common problem.
• Companies with file sharing carry lower BitSight security ratings.
• Torrented files carry a major malware business risk.
• A correlation exists between file sharing activity and botnet activity.
• Government, utilities and education industries are poor performers.
In analyzing the correlation between BitTorrent activity and botnet infections, BitSight noted high malware infection rates indicate companies with file sharing activity are more vulnerable to botnet infections.
Earlier research reinforces this finding, including a Vienna University of Technology paper, “Vanity Cracks and Malware: Insights into the Anti-Copy Protection Ecosystem.” Researchers analyzed file sharing download links and observed that a majority of the programs seek to infect the target machine with one or more malware types.
BitSight examined applications and games since these categories contain executable files that tend to be more susceptible to malware. It found that 39% of games and 54% of applications carried malicious code after running the files through file scanners and accounting for false positives.
This finding indicates a high number of files shared over the BitTorrent protocol have potentially harmful software. Researchers, after finding these files had a high rate of infection, explored whether companies with file sharing activity have more compromised machines on account of botnet infections.
BitTorrent Tied Closely To Botnet Infections
BitSight found a correlation between botnet infections and file sharing over BitTorrent protocol. BitSight cannot demonstrate malicious software from BitTorrent files caused the infections, but it does believe companies with more BitTorrent activity are more apt to have more botnet infections.
The report notes significant differences exist among industry sectors in file sharing activity. It examined 10 industries: retail, education, government, media/entertainment, energy/utilities, tourism/hospitality, manufacturing, legal, finance and healthcare. These industries provide a diverse set of sectors in the global economy.
The research found that finance is the top performer in preventing file sharing on corporate networks. A security culture and strong regulations are credited for this.
Retailers have the most breaches. In light of breaches at Home Depot and Target, many are skeptical of retailers’ ability to prevent attacks. The report noted that 22% of retailers have file sharing activity on their networks.
Healthcare achieved a “middle of the pack” file sharing performance. This sector has a lower than average number of shares.
File sharing was found in around 25% of energy/utility sector companies. The most surprising finding here is the high average shares per entity: 2.8k. The researchers found this surprising given that energy/utilities is a highly-regulated industry.
The government sector is a poor performer. About 32% of government entities indicated some level of file sharing activity on their networks. The average number of shares per entity was 3.1k.
Government Agencies Recognize The Risks
Government agencies have cited the dangers of corporate file sharing. A 2009 bill that never got beyond the U.S. House of Representatives attempted to halt file sharing by federal employees.
Downloading copyrighted media has plagued higher education administrators. The Copyright Clearance Center noted that universities may face liability claims from students’ conduct. About 58% of education sector organizations have observed file sharing on networks. Nonetheless, share-per-entity is 1.2k, which is below that of government and energy/utilities.
BitSight examined the relationship between its security ratings and BitTorrent activity. The analysis found a significant difference in median security ratings for firms with file sharing and those without it for every industry.
Recommendations For Business
The report recommended the following guidelines for businesses:
• Have a clear file sharing policy for the corporate network and enforce it. Periodic training and updates will make employees aware of security policies. If file sharing is allowed for some purposes, there need to be policies to stop unauthorized sharing.
• Configure firewalls to prevent file sharing. Companies can adjust firewalls to stop file sharing over networks.
• Verify file sharing with continuous monitoring. BitSight provides outside-in monitoring of networks. No information is required from the rated company, providing professionals the means to identify unauthorized file sharing on a network.
• Examine file sharing activity on third party vendor networks and acquisition targets, in particular, those with access to company information. Third party risk teams need to invest in verification tools to make sure vendors adhere to their stated policies. Companies seeking to make acquisitions should review file sharing activity on the acquisition target’s network.
Steps to prevent file sharing are available on the FTC website, www.ftc.gov/tips-advice/business-center/guidance/peer-peer-file-sharing-guide-business.
Professionals Can Use Recommendations
Security professionals can use the recommendations for several uses. These include:
• Benchmarking security performance
• Managing vendor risks
• Conducting M&A due diligence
• Underwriting cyber insurance
Images from Shutterstock and BitSight.