Functionality of communications networks
The functionality of communications networks has been high during the first half of the year, with the number of extensive failures being relatively low. The number of malware observations increased significantly in August 2015 due to the spreading of Nymaim.
There have been changes in malware observations this year compared with 2014. In 2014, clearly the most typical malware observation concerned the downloader-type ZeroAccess. In 2015, the spread of ZeroAccess has decreased but it still remains the fifth most common type of malware. Correspondingly, the second most common malware of the previous year, Citadel, is in the 15th place in 2015.
Nymaim, which spread in August, stands out in the observations made in 2015. Solely on the basis of observations made in August, Nymaim has become the most common malware of the year. Nymaim is a downloader, i.e. its purpose is to download other malware onto the victim's computer, such as encrypting ransomware, banking malware or spyware. The second most common malware of the first half of the year is Conficker, which was already detected in 2008 but is still fairly common in Finland. The third place in observation statistics is held by incorrectly installed SSDP services that have been utilised in DDoS attacks to increase the volume of network traffic.
Observations are based on information collected by the Autoreporter service of NCSC-FI. In addition to actual malware observations, the reported figures are affected by changes in the data sources from which Autoreporter collects its information.
Figure: Malware observations in January–August 2015
Communications networks and services operated well in the first half of 2015. Even though a few significant disturbances were observed in June, the total number of faults has not deviated from normal.
The number of significant disturbances affecting at least 100,000 people remained nearly unchanged compared with the corresponding period of last year. There were only four such class A incidents during the first half of the year. Incidents of the highest severity level (class A) concern hundreds of thousands of users, class B incidents affect tens of thousands of users, and class C incidents involve thousands of users.
Figure: Faults and disturbances in communications networks in 2011–2015
The most extensive disturbances were avoided because there were no major storms. Usually, natural phenomena increase the number of faults during the latter half of the year due to autumn storms. There were 14 class B and 43 class C incidents.
Faults were mainly caused by network modifications and upgrades. The second largest cause was power failures. Hardware failures caused 11 faults and excavation work three. During previous review periods, network modifications and power failures have been the most significant causes of faults.
Figure: The causes of faults in communications networks in 2013–2015
HAVARO is an information security violation detection and alert system directed at companies and operators for whom supply security is critical. Between January and August 2015, the HAVARO system made a total of 1,800 red observations. Red observations indicate that the system has observed harmful traffic, which points to a likely information security breach in the organisation.
Most observations concern exploitation attempts made using mass distribution platforms that exploit vulnerabilities in web browser add-ons (Adobe Flash in particular). A malware mass distribution platform is program code that criminals run on a network server in order to install specific malware on the user's computer. The best way to protect against such attempts is to keep the browser and any add-ons updated at all times.
This article is a part of FICORA's Communications Sector Review 3/2015.