Ignorant botnets: Don’t become a ‘victim’ attacker

The rising tide of DDoS attacks is hitting the news with alarming regularity. Yet if popular reports are to be believed, there is only one victim: the person targeted in the incident.

In fact, this is not true at all. Numerous companies are actually perpetrating these attacks via employee machines they do not know are compromised. This could easily be your company and it could prove a lot worse for your brand than if you were merely the object.

“Everyone knows there is an attacker and a victim,” explains Aftab Afzal, SVP & GM EMEA at NSFOCUS IB, a specialist provider of DDoS mitigation. “However there is also the host – or hosts – which are often the infected or compromised devices of innocent users.

“One should also consider the networks of service providers and the impact to their users who are not under attack. In some of the really large attacks, even the available resources at internet exchanges can suffer and this can have a knock-on effect to national networks,” he adds.

Your brand will be tarnished if you launch an unwitting attack

Thomas Olofsson, CEO of Intelliagg, a provider of cyber threat intelligence, suggests: “A business that launches an attack unwittingly, or via a disgruntled employee, will of course attract brand, or possible legal damages against themselves. The victim however, whether they know immediately or not, can trace it back to a company or legal entity, and are then in a strong position to sue for damages.”

This is all extremely commonplace. As Dave Larson, COO at Corero Network Security, puts it: “Compromised PCs and servers taken hostage as bots to be controlled for use in DDoS attacks are a dime a dozen.”

This situation is “compounded”, adds Larson, as “tracking back bot-infected machines utilised in DDoS attacks is quite difficult. [This is because] attackers spoof IP addresses or use reflection techniques in order to maintain anonymity.”

Ofer Gayer, Senior Security Researcher at Imperva, offers two major examples which his company uncovered. In these, cybercriminals used 900 CCTV cameras and tens of thousands of hijacked Small Office Home Office routers to launch attacks.

So, how does all this work in practice? Well, once a single machine has been infected, it can act as a backdoor to access the company’s infrastructure.

Once compromised your network could become a DDoS attack machine

“The infected machine often operates as a bot, a type of malware that an attacker uses to take control of an infected machine in order to further spread malware or execute a DDoS attack. A group of bots controlled by the same host is called a botnet,” says Oscar Marquez, CTO of cloud security company iSheriff.

“Botnets are not only getting smarter but larger,” he adds. “In years past, a bot-herder or bot-master might have compromised 1000 machines with their bots but it takes a lot of processing power to command all these bots at once. A new technique attackers are using to work around this problem is grouping these large amounts of controlled computers into platoons and assigning a ‘lieutenant’ to each platoon.

“This way, the command and control centre sends out a request or update and it goes only to the lieutenant of each platoon. Then they have each of the members within the platoon randomly configured to check-in with the lieutenant to receive the updated information. This eliminates the need to directly control all 1000 machines by only sending the message out to the 10% to spread the word.”

Make sure you know how to spot malicious misuse of your network

The foot soldiers perpetrating the attack could easily be your work device. Adrian Crawley, Regional Director of the UK and Ireland at Radware – which places an emphasis on DDoS protection – warns: “If your computer crashes frequently, runs slower, fans are in overdrive while idling, experience issues with your web browser or access to certain websites is blocked, your computer might be part of a botnet and blacklisted.”

He adds: “Creating a botnet is actually very simple and easy to do. Most attackers can purchase botnet starter kits, tutorials, and setup services on the Dark Web.

“One of the reasons that you see so many business machines compromised with malware and used to perpetrate the attacks is due primarily to their large user base. With every computer added to your network you are increasing your risk for an infection. At the root cause is unaware users who accidentally click or open a malicious link that ultimately enlists their computer into the attackers’ botnet.”

This opens up the need for new ways to think about security, with innovative proactive monitoring companies, like Darktrace, utilising machine learning to add an extra layer of security for businesses.

“Legacy solutions are still good for mitigating the previous generation of attacks,” says Herve Dhelin, Worldwide Marketing Director at EfficientIP, a company focused on driving business efficiency across the spectrum. “But [they] are blind or no longer efficient when up against the new types of threats that can create dangerous false-positives for the business.”

The worst part is that these threats do not look set to decrease any time soon. In fact, the Internet of Things seems set to worsen this situation. “The IOT presents another 'attack service' for an entity to infiltrate your network or household,” explains Olofsson, of Intelliagg.

Larson of Corero Network Security points out: “The average user of internet-connected devices, whether that be your smart home, smart appliances, smart car or smart office, does not typically pay close attention to software updates or critical patching schedules or, as a matter-of-fact quite understand how these devices are connected or sharing data.”

The answer, as with most security stories, is to stay vigilant. It is impossible to stop attacks from happening, and so even more necessary to stay aware of the risks.
