Botnets wreak havoc

ITWeb Security Summit 2014

The tailored tracks at the ITWeb Security Summit 2014 cover a wide range of topics, empowering information security professionals to select sessions of particular relevance to their roles within the enterprise. ITWeb Security Summit 2014 takes place from 27 to 29 May at the Sandton Convention Centre.

Botnets have become one of the most dangerous and prevalent forms of cyber criminal attacks and the damage they cause can range from information theft, to malware infection, to fraud.

That's according to Gregory Anderson, SA country manager at Trend Micro, who notes that when the news headlines warn of yet another botnet incursion, another security risk for the business to beware of, they rarely explain what precisely these botnets are or why they are such a threat.

He explains that a botnet is a lot less complex than the name sounds. The word "bot" comes from "robot" and a botnet is used to describe a network of bots, or zombie computers that have been accessed by a command and control (C&C) server controlled by remote administrators and used to undertake malicious activities such as spamming, distributed denial-of-service (DDoS) attacks and malware spreading, says Anderson.

The computers that form the basis of this network can be anywhere in the world, including within your organisation, he warns.

According to Anderson, Sub7 and Pretty Park are the two pieces of malware widely believed to have been the first to introduce the concept of the botnet in the late 1990s, and since then botnets have evolved from a simple, and devastating, attack vector to a sophisticated tool.

He reveals that some of the worst cyber incursions of 2013 came about as a result of botnets like Download, Data-broker and SpyEye, all gaining access to extremely sensitive information and data.

"While the way in which they are initially introduced into a system may vary, botnets all have the same end goal of using the resources of the targeted enterprise to, well, target the enterprise," says Anderson.

"Last year, the list of attacks saw many big names hitting the headlines as their security systems were breached and their information and money spirited away by their own technology."

He also notes that not all attacks are directed at high-profile organisations either, adding that botnets are indiscriminate and if cyber criminals know about your line of work and if you have data, finances, infrastructure or information that holds value, then you will likely be a target.

It is also worth noting that often one business will be accessed through a botnet to become a stepping-stone to the real target, and anything that they want to take along the way will be theirs, he states.

"So, the question isn't if you'll be targeted, but when, and how you can defend against it? The first, best, line of defence is awareness."

Anderson believes that gaining an understanding of how botnets work and what vulnerabilities they prey on means that you are able to construct the right levels of security to protect against them. Be aware of the threats that exist and any new ones that are on the horizon, and ensure that your security is regularly updated and patched, he urges.

Trend Micro has recently unveiled a Micro Global Botnet Map that allows anyone to see active C&C servers and bots across the globe. It reveals how systems are tied together, the affected countries and the number of victims associated with each server.

In the 14 days since its launch on 14 January 2014, the map has discovered 9 787 active C&C servers and 8 400 687 botnet connections.
