


by Dave Gradijan

Rootkits Wreak Havoc on Australian Companies

May 22, 2006

One in five Australian enterprises found a rootkit on a corporate network.

This alarming figure is revealed in the 2006 Australian Computer Emergency Response Team (AusCert) Computer Crime Survey, which drew responses from almost 400 companies in Australia.

For the first time, AusCert has segregated the category of “virus, worm or trojan infection” into two specific categories: virus or worm infection and trojan or rootkit infection. As a result, the survey found 21 percent of respondent companies’ networks were hit by a rootkit while 45 percent had experienced a virus or worm.

AusCert General Manager Graham Ingram says the figure for rootkit infection is “disproportionately high.”

Ingram said that in the past, enterprises viewed trojan and rootkit infection as a home PC issue.

Malicious code sidesteps detection

More than 60 percent of today’s malicious code goes undetected by antispam and antivirus tools at work in business, despite their use by 98 percent of organizations.

Hackers are yesterday’s news, according to the 2006 AusCert Computer Crime Survey.

Today, organized crime is pushing an agenda of malicious code, which Ingram said has changed the corporate landscape.

“We have always dealt with very large numbers from worm and virus infections, but trojan and rootkit activity has always been hidden, and this year one in five enterprises are getting hit by trojans or rootkits,” he said.

“When the amount of malicious code in the form of trojans or rootkits that’s commonplace today is compared with the adoption of antivirus and antispam hardware [respondent enterprises reported use of either or both], then such security technology is apparently rendered useless against rootkits.”

This makes the survey results nothing short of alarming.

The problem is made worse, Ingram said, because of a serious shortage of IT security skill sets available in Australia.

Enterprise workers are extremely dissatisfied with the level of qualifications and training for IT security staff, he said. “Only a small percentage of respondents believe they are managing security practices well,” Ingram said.

“The use of security standards also has a low adoption in Australia.”

The good news from the survey is that Australia has seen the lowest level of Internet-based attacks in four years, with only 22 percent of survey respondents reporting an electronic attack that “harmed the confidentiality, integrity or availability of network data or systems.” The figure was 35 percent in 2005.

However, the survey itself notes the discrepancy, saying the “reduction in electronic attacks, coupled with the reduction in the ‘readiness-to-protect’ factors, is a puzzling combination” that may be explained by the survey sample expanding to include sectors not as heavily reliant on IT, such as manufacturing.

The sample poll in the manufacturing sector increased 8 percent in 2006, from 11 percent in 2005.

Convictions still don’t measure up

Only 19 percent of all respondents (389 in 2006, 181 in 2005) who had reported a computer crime to law enforcement said it resulted in charges being laid.

Kevin Zuccato, managing director of the Australian High Tech Crime Centre, said 19 percent is a very good figure, considering what investigators are up against.

Zuccato said online security and policing need to deal with hundreds of thousands of small crimes that collectively add up to a large figure, as opposed to one crime that nets a profit.

He said 19 percent is a positive figure, given the additional challenges the Internet provides law enforcement when it comes to prosecution.

“With this type of offense, jurisdictionally and legislatively it is difficult to get the information and timeliness that we need and to be in a position to use the information as evidence,” Zuccato said.

“We are not talking about just protecting Australia, but an environment that has been created that sits beside the real world.

“Now, high-volume crime uses the Internet to propagate their environment, and criminals now want stealth so they are using rootkits as the latest thing.”

The stats in a nutshell

The survey drew 389 responses from both private and public sectors; 51 percent of respondents were from the public sector. Of the total, 42 percent of respondents worked in an organization earning between 10 million Australian dollars (US$7.59 million) and 100 million Australian dollars gross annual income.

• Trojan or rootkit infections: 60 percent in public sector, 40 percent in private sector.

• Average financial loss for electronic attack, computer crime or computer access misuse increased to 63 percent compared to 2005, averaging A$241,150 per organization. The 2004 average loss was A$153,245.

• Only 50 percent of companies increased IT security spending in 2006, compared to 68 percent in 2005 and 70 percent in 2004. Fifty-one percent of organizations that spent up to 5 percent of the IT budget on security thought this figure was inadequate.

• Only 47 percent of respondents use IT security standards (ISO 17799, etc.) compared to 65 percent in 2005.

• One respondent reported theft or breach of private data amounted to a A$40 million loss.


By Michael Crawford, Computerworld Today (Australia)