Ransomware on SLED networks

Malware, ransomware twice as likely to hit state, local networks

State and local government networks are nearly twice as likely to be infected with malware or ransomware as those in small and medium businesses, according to new data released by Sentinel IPS, a cybersecurity threat management firm.

Education-sector networks also suffer from high infection rates. After evaluating over 30 million alerts from its users around the world, Sentinel IPS found that 67 percent of government networks and 72 percent of education networks triggered critical malware or ransomware alerts, compared to just 39 percent of other networks triggering similar alerts.

These SLED networks – representing 32 percent of the sample size – accounted for 77 percent of critical extrusion prevention system (EPS) check-in alerts.

Among the firm’s findings:

  • A government or education network is four times more likely to be infected with Cryptolocker ransomware than other entities.
  • The Kovter botnet, which steals personal information and enables ransomware, was concentrated almost exclusively in the government and education space, infecting 23 percent of all networks while affecting only one other network from a different industry.
  • BrowseFox, an adware program that monitors users’ activity and displays pop-up advertising, was reported by 23 percent of government and 67 percent of education networks.

These infections mean that government and educational networks lack “the proper internal controls and protections to keep even the most basic malware, adware and spyware off of their internal systems,” according to the Sentinel IPS blog.

Organizations with fewer, less-advanced cybersecurity resources -- like budget-strapped government offices -- are easy prey for hackers, the report suggested. Additionally, agencies trying to protect a variety of different systems with limited resources are more vulnerable to ransomware attacks, Tim Francis, cyber enterprise lead at Travelers, told DarkReading.

While attacks on educational networks accounted for nearly a third of attempted cyberattacks despite representing only 7 percent of the Sentinel IPS sample set, they are still largely “crimes of opportunity,” Rob McCurdy, chief information security officer at Michigan State University, told the Financial Times. He said he sees attackers scanning the university networks for access to personally identifiable information, rather than targeted attacks by nation states seeking research.

But even good cybersecurity protocols may not protect agencies because of the sophistication of the current crop of malware. “The ransomware is that good,” said Joseph Bonavolonta, the assistant special agent in charge of the FBI’s CYBER and Counterintelligence Program, according to a report on The Security Ledger. “To be honest, we often advise people just to pay the ransom.”

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Reader Comments

Tue, Dec 1, 2015 Corey

Some government and educational institutions are more vulnerable because they lack the resources to equip themselves with proper security. This should give companies incentives to promote affordable software that is effective and easy to use. Investing in proper disaster recovery, for example Rollback Rx, is a good alternative in these situations. Freeware is not always the best solution to security, but sometimes the only one people can afford.