UK Home To More Botnet Command And Control Servers Than Any Other Country

The UK is home to more botnet Command and Control (C&C) servers than any other country in the world, suggests the latest quarterly report by Japanese security vendor Trend Micro.

The report, entitled “Turning the Tables on Cybercrime: Responding to Evolving Cybercrime Tactics”, also found that cyber attacks have intensified and increased in severity over the past three months, especially those aimed at financial institutions and the retail sector. This resulted in exposure of more than 10 million personal records.

It’s chaos out there

Trend Micro found that 32 percent of known botnet C&C servers were hosted in Britain, followed by the US with 29 percent. By comparison, Germany hosts just three percent of known botnet infrastructure, and France – just one percent. This doesn’t mean that the cyber criminals themselves are based in the UK – they are simply abusing the trust towards local infrastructure providers.

As of July 15, 2014, more than 400 major data breach incidents have been reported since the beginning of the year. These include such high-profile victims as eBay, Evernote, Code Spaces and Feedly, to name a few. In the case of Code Spaces, the breach actually made the software development start-up to go out of business.

“This quarter is showing that data breach events can affect anyone that stores data. There is no such thing as a ‘safe’ industry or website now,” wrote Christopher Budd, a spokesman for Trend Micro.

The report called Heartbleed the “most critical vulnerability uncovered to date”, even though there’s still no evidence it was known to cyber criminals and used in real-world attacks before being officially disclosed in April. The report notes that in the wake of the disclosure, several organisations were blinded by panic and actually upgraded from non-vulnerable to vulnerable versions of OpenSSL.

Trend Micro also reported that the obsolete Windows XP operating system, for which Microsoft no longer issues security updates, now features at least 16 unpatched vulnerabilities classified as ‘critical’.

Ongoing threats

During the past three months, Conficker remained the number one malware threat, five years after it arrived on the cyber crime scene, but the report also highlighted the growing popularity of new types of treats like mobile ransomware – malicious applications like ‘ANDROIDOS_LOCKER.A’ which encrypt the internal storage of the device and demand around $30 in exchange for the encryption key.

Meanwhile, Operation Emmental is defeating two-factor authentication by intercepting ‘session tokens’ sent to online banking customers through SMS. This sophisticated campaign continues employing a combination of spam, phishing websites and mobile malware to steal money from its victims.

“Organisations must treat information security as a primary component of a long-term business strategy rather than handling security issues as tertiary, minor setbacks,” said Raimund Genes, CTO, Trend Micro. “Similar to having a business strategy to improve efficiency, a well-thought-out security strategy should also improve current protection practices that achieve long-term benefits. The incidents observed during this quarter further establish the need for a more comprehensive approach to security.”

What do you know about famous hackers? Take our quiz!