Most Prevalent Bot Infections in Financial Service and Energy Sectors Reported By LookingGlass

LookingGlass Cyber Solutions, a company providing actionable threat intelligence, has released two new reports identifying and summarising vulnerabilities, exposures, and botnet infections currently seen across the financial services and energy sectors. These sector-level reports also identify which items have the most pressing ties to Russian nation-state or affiliated threat actors.

Leveraging LookingGlass’ external attack surface monitoring solutions, the reports feature the following across both critical infrastructure sectors:

  • A US heatmap of the sector’s cybersecurity vulnerabilities and exposures.
  • Most prevalent verified vulnerabilities.
  • Significant exposures that violate cyber best practices.
  • Most prevalent bot infections.

The reports move beyond assumptions about the cybersecurity posture of US critical infrastructure and highlight key cyber risks that need to be addressed.

The Financial Services report shows a significant number of infections across the sector.

While Minerpanel, a botnet associated with cryptomining, is most pervasive across financial services at 27 per cent, the depth of Sality – a botnet associated with the Russian actor group SALTY SPIDER that is currently infecting 13 per cent of the sector – is highly concerning.

“Sality has been tracked to a cyber-criminal group believed to be operating out of Russia, and we can’t overstate how dangerous it is,” said David Marcus, senior director of cyber intelligence at LookingGlass. “Malware like this allows threat actors to prey on an organisation’s network beyond simply using their resources, including exfiltrating data and executing remote code. Sality can wreak the sort of havoc that’s detrimental to your business and others unless remediated.”

The energy sector also has widespread Minerpanel and Sality infections, at 12.55 per cent and 11.87 per cent, respectively. However, the most prevalent bot infection is Pony (Ponyloader), seen in 20.65 per cent of energy institutions. Pony has been highly successful at stealing usernames and passwords as well as loading additional malware onto infected machines. In 2014, Pony was credited with stealing more than 700,000 credentials, including more than 800 Remote Desktop credentials.

“As geopolitical tensions mount and nation-state threat actors continue weaponising their cyber capabilities, US critical infrastructure must take proactive measures to identify and address their vulnerabilities and exposures,” says LookingGlass CEO Gilman Louie. “There’s never been a more pressing time for these organisations to improve their cybersecurity posture. Based on our findings, I would urge critical infrastructure organisations to immediately update and patch their systems to fix these issues.”

Author

  • Francis Bignell

    Francis is a journalist and our lead LatAm correspondent. With a BA in Classical Civilization, he has a specialist interest in North and South America.