Fifty-six percent of the malware discovered by the Solutionary Security Engineering Research Team (SERT) was found in the U.S. in the second quarter, . This is a 12 percent increase from the fourth quarter of 2013. Of the Internet service providers (ISPs) hosting malware, 10 of them hosted about half of all malicious software in Q2 2014. Forty-one percent of hosted malware came from the Amazon ISP.

U.S. Home to Majority of Malware
The U.S. continues be the major source of hacking software. This is due in part to the fact that Amazon hosts so much of the malware in existence, in addition to many of the top 10 ISPs at home in the U.S.

Smaller ISPs have also been targeted for hosting malware. Chad Kahl, a SERT analyst said that "jumping from ISP to ISP has been a common tactic to provide cover and obfuscation, and add complexity to forensic investigations for many years," .

Many Servers Still Unprotected from Heartbleed Attacks
The Heartbleed Bug continues to be a problem for many servers using older versions of Secure Sockets Layer (SSL) – an Internet protocol - that haven't been updated yet. This puts them at risk for being hacked. To extract data using the Heartbleed Bug, cybercriminals must send "millions" of requests, according to the SERT report. The attack could therefore be seen as an attempt at doing a Denial of Service Attack (DoS), in which thousands of requests are sent to a server to overload its ability to function and shut it down. Thus the extraction of data may go unnoticed.

US Building Laws to Protect Its Citizens
Cyberbreaches are still a major dilemma for people who regularly access sites that are at risk for being hacked. These sites might store someone's personal data such as credit card info or medical history. But the U.S. has begun the process of passing state laws that will require businesses to notify customers when they are hacked, .

Even if these laws are passed, it can still be a long time before companies realize they have been hacked. In the above example about Heartbleed, companies may not realize data has been stolen because the hacking attempt has been masked. Additionally, hacking victim Target did not realize for some time that it had been subject to a data breach. People must continue to remain vigilant against attacks no matter what laws are passed.

Leave a Reply