
Cracking Down on Botnets

Although there is no silver bullet solution for mitigating the risk of botnets, there are a number of helpful best practices.

“When deploying an IoT device of any type, the three most important questions need to be: Have we configured strong credential access? What is our update strategy for firmware changes? What URLs and IP addresses does the device need for its operation?” says Tim Mackey, senior technical evangelist at Synopsys.

“When IoT devices are deployed within a business environment, best practice dictates that a separate network segment known as a VLAN should be used. This then allows for IT teams to monitor for both known and unknown traffic impacting the devices. It also allows teams to ensure that network traffic originates from known locations.

“For example, if a conference room projector is accessible via Wi-Fi, the network the device uses should be restricted to only internal and authenticated users. Public access to the device should always be restricted. Following this model, exploitation of the device would then require a malicious actor to first compromise a computer belonging to an authenticated user.”


Mackey says regular IT audits of IoT networks should then be performed to ensure only known devices are present, with the device identification mapped back to an asset inventory containing a current list of firmware versions and a list of open source components used within that firmware.

“This open source inventory can then be used to understand when a library used within the firmware has a published vulnerability,” he says. “Armed with this information, a proactive update and patching model can be created for corporate IoT devices.

“Also, inspection of the firmware should identify what external APIs (application programming interfaces), URLs and services the firmware is configured to operate against.

“These endpoints should be confirmed with the supplier as legitimate with confirmation of their function. Once confirmed, the IoT network that the device associated with the firmware is configured for can then have firewall restrictions defined, allowing the IoT devices access only to their known API dependencies. These tasks should be considered part of an overall device access model consistent with the principles of zero trust.”
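The two tasks Mackey describes, matching the open source inventory of each device's firmware against a vulnerability feed and turning the supplier-confirmed endpoints into an egress allowlist, can be scripted. The example below is added here for illustration and is not code from the article or from Synopsys. The inventory, the vulnerability feed, the advisory identifiers (EXAMPLE-2019-000x, not real CVEs), the hostnames and the IP addresses are all constructed; the allowlist is rendered as nftables rules and assumes an internal resolver at 10.20.0.2.

```python
from dataclasses import dataclass


@dataclass
class Device:
    """One entry in the IoT asset inventory (constructed for this example)."""
    name: str
    ip: str
    firmware: str
    components: dict           # open source library -> version found in the firmware
    confirmed_endpoints: list  # (hostname, ip, proto, port) confirmed with the supplier


# Constructed inventory: names, addresses and versions are illustrative only.
INVENTORY = [
    Device("projector-meeting-2", "10.20.5.11", "3.4.1",
           {"libssl": "1.0.2k", "busybox": "1.22.1", "libcurl": "7.64.0"},
           [("fw.projector-vendor.example", "203.0.113.10", "tcp", 443),
            ("ntp.projector-vendor.example", "203.0.113.11", "udp", 123)]),
    Device("camera-lobby", "10.20.5.20", "1.9.0",
           {"libssl": "1.1.1b", "busybox": "1.30.1"},
           [("cloud.camera-vendor.example", "198.51.100.5", "tcp", 443)]),
]

# Constructed vulnerability feed; the identifiers are placeholders, not real CVEs.
VULN_FEED = [
    {"id": "EXAMPLE-2019-0001", "library": "libssl",
     "affected": {"1.0.2k", "1.0.2u"}, "fixed": "1.1.1b"},
    {"id": "EXAMPLE-2019-0002", "library": "busybox",
     "affected": {"1.22.1", "1.28.0"}, "fixed": "1.30.1"},
    {"id": "EXAMPLE-2019-0003", "library": "libjpeg",
     "affected": {"9c"}, "fixed": "9d"},
]


def find_vulnerable(inventory, feed):
    """Map each device to the advisories that hit a library version in its firmware.

    Devices with no matching advisory are omitted, so the result is a patch
    work list rather than a copy of the inventory."""
    findings = {}
    for device in inventory:
        hits = []
        for adv in feed:
            version = device.components.get(adv["library"])
            if version is not None and version in adv["affected"]:
                hits.append((adv["library"], version, adv["id"], adv["fixed"]))
        if hits:
            findings[device.name] = hits
    return findings


def egress_rules(device, dns_server="10.20.0.2"):
    """Render nftables rules that let the device reach only its confirmed
    endpoints (plus the internal resolver), then drop everything else it sends.

    Rules key on the supplier-confirmed IP rather than the hostname, so a DNS
    answer the device cannot verify does not widen the allowlist."""
    rules = [f"# {device.name} firmware {device.firmware}",
             f"ip saddr {device.ip} ip daddr {dns_server} udp dport 53 accept"]
    for host, ip, proto, port in device.confirmed_endpoints:
        rules.append(f"ip saddr {device.ip} ip daddr {ip} {proto} dport {port} accept  # {host}")
    rules.append(f"ip saddr {device.ip} drop")
    return rules


def render_ruleset(inventory):
    """Wrap the per-device rules in an nftables table on the forward hook.
    Each device's accept rules precede its own catch-all drop, so rule order
    is what enforces the allowlist."""
    lines = ["table inet iot_egress {", "  chain forward {",
             "    type filter hook forward priority 0; policy accept;"]
    for device in inventory:
        lines.extend("    " + rule for rule in egress_rules(device))
    lines.extend(["  }", "}"])
    return "\n".join(lines)


if __name__ == "__main__":
    for name, hits in find_vulnerable(INVENTORY, VULN_FEED).items():
        for lib, ver, adv_id, fixed in hits:
            print(f"{name}: {lib} {ver} hit by {adv_id}; needs a firmware build with {lib} >= {fixed}")
    print(render_ruleset(INVENTORY))
```

Running it lists the projector as the only device needing a firmware update (two affected libraries) and prints a ruleset in which each device may talk to its confirmed endpoints and the resolver and nothing else. A real feed expresses affected versions as ranges rather than the explicit sets used here, and the inventory would come from the asset database rather than a literal.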

Spencer Young, regional vice-president for Europe, the Middle East and Africa at security firm Imperva, says the best way to discover and mitigate a botnet is to find its command and control (CnC) server. “The most effective way is to look into the communication between the CnC and its bots,” he says. “Once you start searching for exploit attempts, you can start to pick up possible indicators of a botnet.

“For example, if the same IPs attack the same sites at the same time while simultaneously using the same payloads and attack pattern, it is fairly likely that they’re part of the same botnet.

“However, all initiatives to combat the growth of botnets through industry standards and legislation are likely to continue to occur only on a regional or country level. As far as industry-wide efforts go, it is hard to imagine a scenario in which a global security standard for botnet detection and defence could be agreed upon, applied and enforced.”
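The heuristic Young gives, the same source IPs hitting the same targets in the same time window with the same payload, is straightforward to run over web server logs. The example below is added here and is not code from the article or from Imperva; the log lines are constructed (time, source IP, target host, method, request) and the addresses are documentation ranges. It buckets requests into one-minute windows, normalises each request down to its decoded query values so that the same injection string sent to two different login pages counts as the same payload, and merges bursts that share source IPs into candidate botnets.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import parse_qsl, urlsplit

# Constructed sample log (not from any real system): time, source IP, target, method, request.
SAMPLE_LOG = """\
2019-03-12T10:00:01Z 198.51.100.7 shop.example.com GET /login.php?user=admin'%20OR%201=1--
2019-03-12T10:00:02Z 198.51.100.9 shop.example.com GET /login.php?user=admin'%20OR%201=1--
2019-03-12T10:00:02Z 203.0.113.44 shop.example.com GET /login.php?user=admin'%20OR%201=1--
2019-03-12T10:00:03Z 192.0.2.10 shop.example.com GET /products?id=42
2019-03-12T10:05:10Z 198.51.100.7 blog.example.org GET /wp-login.php?log=admin'%20OR%201=1--
2019-03-12T10:05:11Z 198.51.100.9 blog.example.org GET /wp-login.php?log=admin'%20OR%201=1--
2019-03-12T10:05:12Z 203.0.113.44 blog.example.org GET /wp-login.php?log=admin'%20OR%201=1--
2019-03-12T11:30:00Z 192.0.2.77 shop.example.com GET /search?q=../../etc/passwd
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    match = LINE_RE.match(line)
    if not match:
        return None
    ts, src, target, method, request = match.groups()
    epoch = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp()
    return {"epoch": epoch, "src": src, "target": target, "method": method, "request": request}


def payload_signature(method, request):
    """Reduce a request to the attacker-controlled part: the method plus the
    decoded query values. The path and parameter names are dropped so the same
    injection string aimed at /login.php and /wp-login.php compares equal."""
    query = urlsplit(request).query
    values = tuple(sorted(v for _, v in parse_qsl(query, keep_blank_values=True)))
    return (method, values)


def find_bursts(events, window=60, min_sources=3):
    """Group events by (time bucket, target, payload signature) and keep the
    groups in which at least min_sources distinct IPs sent that payload."""
    groups = defaultdict(set)
    for e in events:
        bucket = int(e["epoch"] // window)
        key = (bucket, e["target"], payload_signature(e["method"], e["request"]))
        groups[key].add(e["src"])
    return {key: ips for key, ips in groups.items() if len(ips) >= min_sources}


def cluster_botnets(bursts):
    """Merge bursts that share source IPs into candidate botnets.
    Returns [(frozenset_of_ips, number_of_bursts)], most active first."""
    clusters = []  # list of (ip set, burst count)
    for ips in bursts.values():
        merged, count, kept = set(ips), 1, []
        for c_ips, c_count in clusters:
            if c_ips & merged:
                merged |= c_ips
                count += c_count
            else:
                kept.append((c_ips, c_count))
        kept.append((merged, count))
        clusters = kept
    return sorted(((frozenset(i), n) for i, n in clusters), key=lambda c: -c[1])


def analyse(log_text, window=60, min_sources=3):
    """Full pipeline over raw log text."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    return cluster_botnets(find_bursts(events, window, min_sources))


if __name__ == "__main__":
    for ips, bursts in analyse(SAMPLE_LOG):
        print(f"candidate botnet ({bursts} coordinated bursts): {', '.join(sorted(ips))}")
```

On the sample log this reports one candidate botnet of three addresses seen in two coordinated bursts against two different sites, while the lone probes from 192.0.2.10 and 192.0.2.77 are ignored. The thresholds are the knobs to tune: a large NAT or proxy will put many real users behind one IP, so a practitioner should raise min_sources or add the per-request timing and user-agent fields before treating a cluster as a botnet rather than as an indicator worth a closer look.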


Given the regulatory challenges and continued rise in the number of connected devices, botnet attacks are likely to keep increasing. Young says that as our devices evolve, both in terms of sophistication and connectivity, so will botnets. This, he believes, will mean that operators will be provided with more capacity and new, more advanced attack options.

So preparation is key, says Young. “To mitigate future attacks, all businesses must be prepared to defend against an attack when it arises,” he says. “Investing in the ability to parse your cyber threatscape, successfully identify botnet attacks and build an intelligent defence is not just a security concern – it’s a frontline business issue.”

If one thing is certain, it is that the threat of botnets will only increase as the connected ecosystem rapidly expands and new connected technologies enter the market. And while attackers will continue to find new ways to take control of devices and leverage botnets, there are clear ways in which IT practitioners and organisations can mitigate the risk, most notably by fixing the weak security mechanisms, such as poor credentials and unpatched firmware, that botnet operators rely on.

It may be that attackers are often one step ahead, but by being more proactive, security teams can also leapfrog ahead on occasion.
