14 DAY TRIAL // According to a recently published study, Turkey recorded a larger number of infections with Sality and Gameover Zeus when compared to the 28 European Union (EU) member countries.
The research, conducted by CSIS Security Group in Denmark, showed that in the case of both botnets, Turkey recorded more infections per 1,000 users with Internet connection than the average of all EU countries in the Q1 period of the year.
In the case of Sality, the number was 4.8 times higher, while for Gameover Zeus the amount of affected computers was 1.2 times larger.
It is important to note that 47% of Turkey’s population is connected to the Internet, a percentage that is way under the numbers for Denmark or Netherlands, where 96% of the citizens benefit from this service.
Compared to Germany, “Turkey has 37 times more Sality and 1.6 times more Zeus Gameover infections per 1,000 users,” says the report from researcher Stefan Frei.
The comparison of the data from the two countries has been done because they both have roughly the same population but differ as far as Internet connectivity is concerned, the Germans enjoying the service being about twice more than the Turks.
As far as the cybercriminals' preference for attacking Turkey, the reasoning is pretty simple as the country does not yet benefit from proper cyber security, which makes it a weaker target offering an increased success.
One piece of evidence for this is that “Turkey has more than twice the marketshare of the outdated and insecure Windows XP operating system when compared to Germany,” according to the report.
The number of Gameover Zeus infections alone reported by CSIS for Turkey is 91,286, while for Sality the figure is 65,244.
The organization noted that in the first quarter of 2014 6.6 million IP addresses of computers affected by the two malware families connected to their sinkholes. The requests came from over 200 countries.
From these, between 1,000 and 1,500 Sality-laden machines in Turkey sought instructions on a daily basis.
CSIS warns that enterprises have to be take into consideration that some of the clients they do business with may have been compromised by malware and, as such, there is the risk of their own infrastructrure getting infected.
“Enterprises should respond to a breach with a well defined process rather than considering it to be an exception,” write the researchers. Moreover, their efforts for increased security should include a partnership with industry players for improving real time intelligence as far as the risk are concerned.