How to Prevent a Botnet Attack from Compromising Your Business
Quote:
[Image: heimdal-logo.svg]

The Effects of a Botnet Attack on Your Organization Explained

If you’re one of our regular readers, you may have grown accustomed to our article series that address today’s most common cyber threats targeting organizations. In today’s blog post, I’m going to take a look at how a botnet attack affects your business and also offer you a protection guide against it.

What is a botnet attack?

A botnet is a group of infected machines, which are coordinated through a command and control server. Simply put, botnets are networks of machines used to attack other machines. As the collection of bots grows, there will be a high amount of computer and storage power available for malicious actors to use. And when bot malware is running on an endpoint, it has as much access to the resources of the machine as its user does.

Some botnets also act as droppers and plant a secondary payload (for example, they are able to initiate ransomware payloads later on).

Botnets and stealth oftentimes go hand in hand. It will always be in a malicious hacker’s interest that the victim isn’t aware of the infection so that the botnet stays available for the longest time possible.

How do botnets spread?

A botnet’s propagation strategy essentially determines its development, laying the foundation of bots for further exploitation. Once an attacker has compromised a machine on a network, there is a possibility that all vulnerable computers on that network become infected.

And more recent technologies, such as the IoT, have some unique vulnerabilities that make them desirable targets.

IoT networks are becoming an important part of our digital world. Their sensor networks are different from conventional networks, in the sense that sensor devices are low powered and sometimes even use batteries as their energy source. Thus, due to their power restrictions, devices have limited processing capabilities, which often leads to poor cybersecurity. And oftentimes, IoT devices also can’t be remotely patched, and therefore are left vulnerable.

Mirai, one of the biggest DDoS botnets ever seen

Through major distributed Denial of Service Attacks (DDoS), back in 2016, Mirai disrupted many high-profile websites such as OVH, Dyn and Krebs on Security. According to OVH, these attacks exceeded 1 Tbps—the largest on the public record. What’s more, as reported by Bleeping Computer in March 2019, a new Mirai variant with 27 exploits targeting enterprise devices had been spotted. And this time, apart from its normal targets (routers, network video cameras, and wireless controllers) this particular Mirai version identified during January 2019 was also scanning for and exploiting LG Supersign TVs and WePresent WiPG-1000 Wireless Presentation systems, found in enterprise environments.

Back to the present day, the Mirai IoT botnet remains in power, still representing one of the biggest threats to IoT.

How do botnets spread?

Botnets are capable of spreading in both active and passive ways.

In order to spread passively, botnets require some form of user intervention. For example, some websites that run JavaScript can become infected and then they pass on the malware to the website’s visitors. Botnets can also be spread through social engineering campaigns.

Actively, botnets spread without the need for user intervention. In this case, a botnet has an inherent mechanism to find other hosts on the Internet to infect. For instance, they scan for hosts that have known vulnerabilities that can be exploited.

Why is it so difficult to stop botnets?

Throughout the years, fighting and preventing botnets has proven to be a never-ending task. In short, the main reason seems to be the lack of communication between the cybersecurity industry and the government, as pointed out by a joint report issued by the U.S. Department of Homeland Security and the Department of Commerce. Here is what the report highlights:

* Botnet attacks are a global problem, which means that increased collaboration between international entities is highly required.

* Prevention tools are neglected. Even though tools that can prevent a botnet attack are available, most organizations and individual users are not aware of them, want to keep their costs as low as possible, are not being given any market incentives to deploy them, or don’t have sufficient technical expertise.

* Not all products are secured during every single stage of their lifecycle. A lot of devices are left vulnerable due to various reasons, such as the lack of patching, they are still being used even though they are no longer supported by vendors, or are even released on the market with existing vulnerabilities.

* Users are lacking education. Unfortunately, both employees and home users sometimes have insufficient knowledge on how to prevent botnets. This is why cybersecurity awareness training should be mandatory for everyone.

* Market incentives are not effectively aligned. At this time, market incentives are not properly aligned to reduce threats. And “product developers, manufacturers, and vendors are motivated to minimize cost and time to market, rather than to build in security or offer efficient security updates”, the report suggests.

* Botnet attacks are part of an entire ecosystem. As noted by the paper, “No single stakeholder community can address the problem in isolation”.

How to protect your organization against botnets and spot attacks in time

Once a botnet becomes part of your organization, it can result in a DDoS attack, which will take your company’s website down. At the same time, botnet attacks can capture entire email threads in spam campaigns for later reuse and of course, an increased spam activity will slow down your network.

So, how can you stop a botnet attack from infecting your organization? In a nutshell, the most effective approach will always come in layers. Below are the main ones you should consider:
...