Botnets are quickly becoming a security headache for CIOs. Compromising anywhere from a few thousand to well over a million systems, botnets are used by cybercriminals to take over computers and execute illegal and damaging activities including stealing data, gaining access to unauthorised network resources, initiating Denial of Service (DoS) attacks or distributing spam. Research from the Australian Media and Communications Authority (ACMA) indicates that there were 20,873 bot infections each day in Australia by late November last year; up from 11,650 just five months prior.
Today, botnets are primarily used as a backdoor into the enterprise. Once inside, hackers operate in silence and stay under the radar to steal as much information as possible before their presence is detected. Unfortunately, because bots are so stealthy, many companies aren’t aware when their computers have been infected and security teams often lack visibility into the threats that botnets create.
One such botnet threat in New Zealand was reported in a national ISP survey at the end of last year. About 55,000 New Zealand computers were compromised according to independent cybercrime watchdog Netsafe. Netsafe found that 45 percent of New Zealand ISPs monitored internet traffic for signs of compromised security, including botnets, and that it was probable that many of the 55,000 infected households would not know their connection was compromised by these zombie botnets.
The dynamic nature of these security threats means that they can quickly change form on a cybercriminal's command, and bot toolkits are sold online for as little as $500. Both of these factors show that, unfortunately, botnets are here to stay.
The impact of bots
Understanding the impact that botnets are having is crucial to understanding how to protect your business from them. Last year, New Scientist reported that more than 4.5 million computers running Windows had been infected by the TDL-4 botnet. In addition, Check Point research has revealed that nearly half of IT security professionals have experienced an increase in malware attacks.
Malware is now big business. Cyber criminals are no longer isolated amateurs; they can deploy considerable intelligence, time and resources to run botnets that cost businesses millions of dollars.
Organisations are facing a ‘zoo’ of malware types that result in a wide range of security threats, including viruses, worms, Trojans, spyware, adware and botnets to name a few. In addition, botnets are polymorphic in nature and can mimic normal application and traffic patterns – making it difficult for signature-based solutions, such as anti-virus, to combat botnets alone.
How CIOs can tackle botnets
CIOs need to take a different approach to botnets, as traditional security measures are generally not doing enough to stop these threats. A multi-layered approach – a mix of software and a strongly ingrained security policy and culture within an organisation – helps block the communication between infected hosts and their remote operators, and so limits the damage.
The first step is to ensure your organisation has anti-bot software technology that integrates into every security system gateway. This multi-layered approach to bot prevention protects against malware threats.
Also integral to any kind of bot prevention is making sure that all channels of business communication remain secure and closed to external players. With multiple entry points to an organisation’s data, including browser-based vulnerabilities, mobile phones, malicious attachments and removable media, educating staff about the threat of botnets and how to prevent them is one of the most important ways to protect the business.
Future botnet attacks
While we don’t have a crystal ball, the coming years will see botnets continue to evolve. Rather than waiting for attacks to happen, CIOs who understand the targets cyber criminals have in mind can prepare for such attacks in advance.
In the past, it was assumed that most of the popular botnets were running on Windows machines, but this is no longer true today; Linux and Mac systems are not immune. New botnet variants are cross-platform, and the industry should also expect to see more Apple, Android and other mobile-based botnets that communicate with their Command and Control (C&C) servers over 3G or wi-fi networks.
Employee use of social networks such as Twitter can allow a cybercriminal to set up shop quickly without incurring the expense of managing an entire server.
Unfortunately, CIOs will find that botnets are a cat and mouse game. Each time an anti-virus vendor releases a new file signature, malware authors create new variants of the malware.
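The two points above (polymorphic variants slipping past signature-based tools, and the signature cat-and-mouse game) can be shown concretely. The following is an added example, not code from the original article or from Check Point: it contrasts a hash-based file signature, which a one-byte change defeats, with a behavioural indicator that does not depend on the file at all, namely a host contacting the same external server at suspiciously regular intervals, the kind of traffic pattern an ISP or a gateway can watch for. The two payload byte strings, the proxy log lines and the detection thresholds (`min_events`, `max_cv`) are all constructed for the illustration and are assumptions, not values from the article.

```python
import hashlib
import re
import statistics
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# --- Part 1: a file signature is brittle against trivial variants ---

# Constructed stand-ins for two builds of the same bot. Variant B differs
# from A only in its final padding byte, as a repacked variant would.
BOT_VARIANT_A = b"MZ\x90\x00 fake-bot-payload v1 \x00\x00"
BOT_VARIANT_B = b"MZ\x90\x00 fake-bot-payload v1 \x00\x01"


def file_signature(blob: bytes) -> str:
    """Hash-based signature of a sample, as an anti-virus vendor might publish it."""
    return hashlib.sha256(blob).hexdigest()


def signature_matches(blob: bytes, known_bad: set) -> bool:
    """True only if this exact file was already seen and fingerprinted."""
    return file_signature(blob) in known_bad


# --- Part 2: a behavioural indicator that survives file changes ---

# Constructed web-proxy log lines (timestamp, source host, method, URL).
# host-7 checks in with one external server roughly every 60 seconds;
# host-3 browses a news site with irregular gaps. Hostnames are placeholders.
PROXY_LOG = """\
2012-03-01T09:00:00 host-7 GET http://c2.example.invalid/ping
2012-03-01T09:00:02 host-3 GET http://news.example.invalid/
2012-03-01T09:01:01 host-7 GET http://c2.example.invalid/ping
2012-03-01T09:01:40 host-3 GET http://news.example.invalid/story/1
2012-03-01T09:01:59 host-7 GET http://c2.example.invalid/ping
2012-03-01T09:03:00 host-7 GET http://c2.example.invalid/ping
2012-03-01T09:03:05 host-3 GET http://news.example.invalid/story/2
2012-03-01T09:03:09 host-3 GET http://news.example.invalid/story/3
2012-03-01T09:04:00 host-7 GET http://c2.example.invalid/ping
2012-03-01T09:05:01 host-7 GET http://c2.example.invalid/ping
2012-03-01T09:07:30 host-3 GET http://news.example.invalid/
2012-03-01T09:08:02 host-3 GET http://news.example.invalid/story/4
"""

LINE_RE = re.compile(r"^(\S+) (\S+) \S+ (\S+)$")


def find_beacons(log_text: str, min_events: int = 5, max_cv: float = 0.2) -> list:
    """Return (src_host, dst_host, interval_cv) for source/destination pairs
    whose request timing is suspiciously regular: at least `min_events`
    requests and a coefficient of variation (std dev / mean) of the gaps
    between requests no greater than `max_cv`. Thresholds are assumptions."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        ts, src, url = m.groups()
        seen[(src, urlsplit(url).hostname)].append(datetime.fromisoformat(ts))

    flagged = []
    for (src, dst), stamps in seen.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap == 0:
            continue
        cv = statistics.pstdev(gaps) / mean_gap
        if cv <= max_cv:
            flagged.append((src, dst, round(cv, 3)))
    return flagged


if __name__ == "__main__":
    known = {file_signature(BOT_VARIANT_A)}
    print("variant A caught by signature:", signature_matches(BOT_VARIANT_A, known))
    print("variant B caught by signature:", signature_matches(BOT_VARIANT_B, known))
    for src, dst, cv in find_beacons(PROXY_LOG):
        print(f"regular check-ins: {src} -> {dst} (interval CV {cv})")
```

Run as a script, the signature check catches variant A and misses variant B, while the timing check flags only host-7 talking to its server; host-3 has just as many requests but its gaps are far too uneven. In practice the timing check is one layer among several, since a bot that adds random delay to its check-ins will raise the coefficient of variation, which is why the article's multi-layered approach matters.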
Fortunately, law enforcement, large corporations and security experts are starting to take things seriously and stop botnets such as Rustock, which operated for five years and was reported to have comprised anywhere between 150,000 and 2.4 million machines.
Bringing down the C&C servers deprives bot masters of control over all of the zombie computers and prevents the infection from spreading. While thousands of companies have already been targets of botnets, there are tools available to CIOs to protect their organisations and stop botnets from spreading.
Installing anti-virus software and having a strong IT policy that staff understand and are held accountable to will help prevent employee social media usage from putting a business at risk.
The author is managing director of Check Point Software Technologies, ANZ