by Paul Comessotti and Kellman Meghu
Botnets are one of the most significant network security threats facing organizations today. Compromising anywhere from a few thousand to well over a million systems, botnets let cybercriminals take over computers and use them for illegal and damaging activities: stealing data, gaining unauthorized access to network resources, launching Denial of Service (DoS) attacks or distributing spam.
Botnets are here to stay. Malware is no longer static: a bot is dynamic by nature and can change its form and behaviour on command from the cybercriminal who controls it. Bot toolkits are sold online for as little as $500, while the attacks they enable cost businesses millions of dollars; that asymmetry alone shows how big the problem has become.
It has been estimated that up to one quarter of all personal computers connected to the internet may be part of a botnet. In 2011, the TDL botnet was reported to have infected more than 4.5 million computers, with approximately 100,000 unique addresses joining it per day. In the same period, nearly half of IT security professionals reported a dramatic increase in malware attacks, driven by the following factors:
Malware is big business
Cybercriminals are no longer isolated amateurs. They belong to well-structured organizations that resemble terrorist cells, with money, motivation and goals. They can deploy considerable intelligence, time and resources to build and operate botnets that cost businesses millions.
Information has become a hacker's gold mine, and financial information is not the only data worth stealing. We see a rise in attackers looking for general customer information rather than specific billing or credit card data. Such information is lucrative because it lets attackers tailor future attacks or spam campaigns, increasing the likelihood of success. Imagine, for example, emailing 500,000 people with a proposal to buy some product. If only one person in 1,000 orders, that is already 500 new orders. Now imagine the latent profit a spammer can make with 70 million email addresses.
As an example of how powerful a botnet can be, the "Rustock" botnet was generating up to 14 billion spam emails per day before it was dismantled by U.S. federal law enforcement in March 2011.
Rise in sophisticated threats
Organizations face a "zoo" of malware types that produce a wide range of security threats, including viruses, worms, Trojans, spyware, adware and botnets, to name a few. All of these are tools used by cybercriminals in Advanced Persistent Threats (APTs), in which a specific individual or organization is the target. In addition, botnets are polymorphic: each build can look different on disk, and their command-and-control traffic can mimic normal application and traffic patterns. This makes it difficult for signature-based solutions such as antivirus to combat botnets alone. Businesses need a multi-layered approach to effectively mitigate the bot threat.
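As an added illustration of the point above (this is example code written for this page, not Check Point's product logic or anything from the original article), the script below shows a byte signature matching a known bot sample and then missing a trivially repacked copy of the same bot, while a second, behaviour-based check over constructed proxy log lines still flags the infected host because its command-and-control requests arrive at an almost constant interval. The sample bytes, the XOR "packer", the log lines and the hostnames are all constructed for the example.

```python
"""Signature check versus behaviour check for a polymorphic bot (added example)."""
import hashlib
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed stand-in for a bot binary and the signature database that knows it.
ORIGINAL_SAMPLE = b"BOT-v1 beacon every 60s"
KNOWN_BAD_SHA256 = {hashlib.sha256(ORIGINAL_SAMPLE).hexdigest()}


def signature_match(sample: bytes) -> bool:
    """Classic hash signature: exact match against a list of known-bad hashes."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD_SHA256


def repack(sample: bytes, key: int) -> bytes:
    """Toy polymorphic packer: XOR every byte with a per-build key (hypothetical).
    The bot's behaviour is unchanged; its bytes, and therefore its hash, are not."""
    return bytes(b ^ key for b in sample)


# Constructed proxy log: ISO timestamp, client IP, destination host.
# 10.0.0.7 beacons to a benign-looking host roughly every 60 s;
# 10.0.0.5 is a user reading mail at irregular intervals;
# 10.0.0.9 makes too few requests to judge.
LOG = """\
2011-06-01T09:00:00 10.0.0.5 mail.example.com
2011-06-01T09:00:00 10.0.0.7 cdn-update.example.net
2011-06-01T09:00:05 10.0.0.5 mail.example.com
2011-06-01T09:01:01 10.0.0.7 cdn-update.example.net
2011-06-01T09:02:00 10.0.0.7 cdn-update.example.net
2011-06-01T09:02:59 10.0.0.7 cdn-update.example.net
2011-06-01T09:03:30 10.0.0.5 mail.example.com
2011-06-01T09:03:31 10.0.0.5 mail.example.com
2011-06-01T09:04:00 10.0.0.7 cdn-update.example.net
2011-06-01T09:04:10 10.0.0.9 www.example.org
2011-06-01T09:05:01 10.0.0.7 cdn-update.example.net
2011-06-01T09:10:00 10.0.0.5 mail.example.com
2011-06-01T09:25:12 10.0.0.5 mail.example.com
2011-06-01T09:30:00 10.0.0.9 www.example.org
"""


def parse_log(log: str):
    """Group request timestamps by (client, destination) pair."""
    events = defaultdict(list)
    for line in log.splitlines():
        ts, client, dest = line.split()
        events[(client, dest)].append(datetime.fromisoformat(ts))
    return events


def beacon_candidates(log: str, min_events: int = 5, max_jitter: float = 0.1):
    """Flag (client, dest) pairs whose inter-request gaps are nearly constant.

    max_jitter is the allowed coefficient of variation (stdev / mean) of the
    gaps; human browsing is bursty and far exceeds it, a timer-driven bot does not.
    Returns a list of (client, dest, mean_gap_seconds, request_count).
    """
    flagged = []
    for (client, dest), times in parse_log(log).items():
        if len(times) < min_events:
            continue  # not enough data to call it periodic
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        if statistics.pstdev(gaps) / mean <= max_jitter:
            flagged.append((client, dest, round(mean), len(times)))
    return flagged


if __name__ == "__main__":
    print("original sample matches signature:", signature_match(ORIGINAL_SAMPLE))
    print("repacked sample matches signature:", signature_match(repack(ORIGINAL_SAMPLE, 0x5A)))
    for client, dest, gap, n in beacon_candidates(LOG):
        print(f"beaconing: {client} -> {dest} every ~{gap}s ({n} requests)")
```

The signature check answers "have I seen these exact bytes before", which a per-build repack defeats at zero cost to the attacker; the beaconing check answers "is this host talking to one place on a timer", which survives repacking because the bot's behaviour is what its operator actually needs. Real bots add random sleep jitter to blunt exactly this check, so in practice the interval test is one layer among several (destination reputation, volume per host, process-level telemetry) rather than a detector on its own.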
Numerous attack vectors
There are multiple entry points through which an organization's existing defenses can be breached, including browser-based vulnerabilities, mobile phones, malicious attachments and removable media, to name a few. In addition, the explosion of Web 2.0 applications and social networks used as business tools gives hackers a huge opportunity to lure victims into clicking on malicious links or "malvertising": malicious advertisements running on legitimate websites.
(Next installment: Botnets and future threats)
Paul Comessotti is Canadian regional director; Kellman Meghu is Canadian security manager, Check Point Software Technologies