The Insidious Danger of Botnets: They Are Everywhere. They Are Multiplying

June 1, 2018

Mike Spanbauer, Vice President of Research and Strategy, NSS Labs

By Mike Spanbauer, Vice President of Research and Strategy, NSS Labs
Mike Spanbauer said botnets drive attacks from DDOS to crypto-mining and crypto-jacking for coin mining. Attack targets are anything with a CPU. As for the impact of botnets: direct costs are high but the indirect effects are 10 times bigger.

The issue is that a Botnet is a large group of machines that are all centrally controlled, often by one threat actor or a function and through that central control can wreak great damage to any number of targets or opportunity – you know, value resources. So – and why they’re an issue is because ultimately Botnets are incredibly highly distributed, right?

Infections often leapfrog from one to the next via remote access kits or other means or, as you’re probably well aware, some of the vulnerabilities that have been disclosed over the last 24 to 36 months and obviously our race, as we’ve already talked about, with connecting devices to the internet, IoT and it’s whether consumer or commercial, have revealed – and directly connected access for criminals to compromise these nodes. So in the case of Mirai or other nets, they are, at the time of installation, the consumer is basically leaving pieces unconfigured, default passwords and with the vulnerability in place that allows me to easily attach, compromise, leave it and attach it to the greater network there.

So, at its core, it becomes a sinister mechanism that’s deployed globally. This is the root challenge, right? It’s not that you can take one specific instance, one infected machine. It is a group of elements all connected and for one particular purpose. By way of a bit of history, the number of Botnets that have become public over the last six to – five to 10 years are varied. These are just a handful of the most prominent Botnets by name that have been both been identified and the majority taken down over the last few years. So the – you know, the activities that Botnets ultimately drive vary widely, right?

It’s from simple denial of service, basically just a brute force overwhelming a particular resource and/or resources, such as the Dyn attack, where the name servers were taken offline and some very prominent websites/companies were affected by that, to cryptojacking/cryptomining, taking over the WordPress pages and the instances where they’re capitalising on your resources for their own profit, their own gain, mining coins.

Now, really the diversity of potential bots is any connected device that has some processor, some capability and ultimately a vulnerability with which they can install their code on and take advantage of the unit. At the bottom here, and this is particularly interesting and something we’ll talk about a little bit here on the panel is the economics.

So the direct effect of what a Botnet does to a specific target is costly, but it’s not just that the specific target is affected, but all the other services, indoor customers that in scope for disruption or an attack. Those costs, I mean, best measures, three, five, 10 x the direct effect and the economics are just incredibly scaled to the point where Botnets cost a great deal more than I think we even capture today.

So the questions we’re going to address and talk to some degree about are – so where are we right now? How do we get here? Then also the debate on what’s being done now? There are a considerable number of efforts, our panellist contribute to these today, of effective means by which Botnets are being addressed. Then we’ll talk a little bit about what does the future hold and where can we go from here?

Leave a Reply