Luxembourg, August 1st, 2013 - To face this threat, the Computer Incident Response Center Luxembourg (CIRCL) has developed a new tool whose aim is to counter this trend.
The Computer Incident Response Center Luxembourg (CIRCL) has recently developed a new tool called BGP Ranking (http://bgpranking.circl.lu/trend). One of its main features is the ability to view the evolution of infected machines by network or by country in graphical form. CIRCL acquires this data by first gathering listings of infected machines from the Internet and then joining them together. This yields particularly detailed and complete data.
The advantages are numerous. The tool allows the Response Center to track the evolution of infected IP addresses and infected servers at any hosting provider. It also gives a broader picture of current trends, which are generally stable because organizations try to fix security issues as quickly as possible. However, an important fact is that when new machines are installed, patching is not always performed and software is often not updated on a regular basis. As a result, the risk of machines being re-infected is high.
The numerical information extracted by CIRCL also makes it possible, at a national level, to determine trends and to know whether action needs to be taken and security measures carried out.
The graph shows values per country, which provides a good overview of trends and an efficient comparison between countries in relation to the quantity of servers they host. CIRCL has noticed that server infections are due to the lack of regular patching and administration of public web sites, especially when it comes to CMS software. Attackers then use the vulnerabilities to host malicious content. CIRCL recommends keeping the infrastructure continuously up to date and patching all systems.
Another important fact is the increase in backdoors within some systems, which are installed by the vendor in order to allow maintenance. This creates new vulnerabilities, and machines can easily get infected. When installing software, it is essential to consider adding an extra layer of security to avoid the malicious use of backdoors.
To effectively prevent security breaches and cyber attacks, CIRCL recommends the following: regularly update software; check whether the software has a backdoor and, if it does, properly control and manage all dedicated accesses.