Global Botnet Attack Hits Enterprise, Government PCs
Operating undetected for about a year, the criminals behind the cyberattack had control of more than 74,000 computers.
Over 74,000 personal, corporate and government computers at over 2,500 organizations around the world have been found to be zombies in the newly discovered "Kneber botnet."
Late last month, NetWitness, a computer security company headed by former DHS cybersecurity director Amit Yoran, discovered over 75 GB of stolen data as part of its routine enterprise analytics activities. The company says that the data turned out to be the product of a botnet of over 74,000 computers, that the malware used to create the botnet was recognized by less than 10% of antivirus software, and that the botnet's network communication was not recognized by existing intrusion detection systems.
The cache of data represents a month of botnet data collection and the botnet is estimated to have been operating for about a year. The stolen data includes about 68,000 corporate logins to e-mail accounts, online banking accounts, Facebook, Hotmail, Yahoo accounts and other social networking sites. It also includes almost 2,000 SSL certificate files, which are used for activities like online banking or connecting to a VPN.
Merck, Cardinal Health, Paramount Pictures and Juniper Networks are among the companies believed to have been affected, according to a report in The Wall Street Journal.
Yoran suggests that this botnet makes Operation Aurora, the cyber attack directed at Google and 33 other companies last December, look insignificant. "While Operation Aurora shed light on advanced threats from sponsored adversaries, the number of compromised companies and organizations pales in comparison to this single botnet," he said in a statement. "These large-scale compromises of enterprise networks have reached epidemic levels. Cyber criminal elements, like the Kneber crew, quietly and diligently target and compromise thousands of government and commercial organizations across the globe."
NetWitness says that the Kneber botnet was assembled using a variant of the Zeus Trojan, malware that's widely known for stealing banking credentials. But the compromised PCs -- all running Windows, mainly XP or Vista -- also show signs of a secondary infection with Waledac, a peer-to-peer spamming botnet. While this is not unusual, NetWitness believes that the data it has analyzed indicates that the two criminal gangs behind these two malware families are cooperating.
The company says that it cannot be certain as to how or by whom this stolen data will be used. Much of the computer and domain infrastructure used to spread the botnet resides in China, though those operating the botnet are believed to be in Eastern Europe.
Google in the Enterprise SurveyThere's no doubt Google has made headway into businesses: Just 28 percent discourage or ban use of its productivity products, and 69 percent cite Google Apps' good or excellent mobility. But progress could still stall: 59 percent of nonusers distrust the security of Google's cloud. Its data privacy is an open question, and 37 percent worry about integration.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.