Skip to main content

Evidence of compromise present in almost all enterprise networks

(Image credit: Pixabay)

Almost all large organisations in Eastern Europe have been compromised to some extent. This is according to a new report from Positive Technologies, which claims 97 percent of companies with at least 1,000 employees show signs of suspicious network activity.

Of all compromised networks, 64 percent exhibited instances of traffic hiding (VPN tunnelling, connecting to the Tor network and proxying).

"Traffic hiding is risky, because when the employees connect to Tor, set up proxy servers, and set up VPN to bypass websites blocking, the hackers can use the same technologies to communicate with command and control servers," said Evgeny Gnedin, Head of Information Security Analytics at Positive Technologies. 

"The attackers can use that to control the malware and trigger a payload attack," he added.

Further, 81 percent of companies’ advanced network traffic analysis detected malware activity, including miners, adware and spyware.

In a third of cases, internal networks had been scanned, which includes multiple failed attempts to connect to hosts. The report suggests this could mean hackers had attempted to map out the network.

According to Positive Technologies, in many cases compromise is caused by a lack of attention to company policies. In 94 percent of companies, employees are not compliant with information security policies, “opening the door for the hackers to exploit”.

Problems also arise when sensitive data is transmitted in cleartext, or remote access software is deployed. In 44 percent of cases, employees use BitTorrent protocol for data transfer, which increases the risk of malware infection.