Cyber attacks launched or directed through botnet are not new, but they are growing and are a growing threat.
A recent Russian botnet masquerading as a proxy service compromised millions of devices worldwide, giving cybercriminals access to stolen Internet accounts until federal authorities shut it down. Attacks that occur on a large scale in this way can have devastating effects. Indeed, botnets represent one of the main methods attackers use to gain access to networks and systems, so it’s vital to take steps to mitigate botnet attacks wherever your employees work.
The economics of botnets have also had a significant impact on the number of attacks. Large networks of compromised computers and devices over the Internet can be used to launch multiple attacks against a wide variety of targets. Our research shows this Botnet DDoS attacks
growing with a 14% increase in attacks since 2019. Overall, 69% of Comcast Business customers experienced DDoS attacks, up 41% from 2020, and 99% experienced repeat attacks.
Botnet attacks are a serious threat because they are deployed in large numbers and are constantly evolving. The host’s underlying computing systems are spread across thousands of different owners, and shutting down botnets requires careful coordination between law enforcement, hosting providers, and network operators.
Additionally, botnet resources can be repurposed, creating an indirect black market. Cybercriminals trade botnet assets and use them for different types of cyberattacks depending on where they can make the most money. Essentially, botnets have become an interchangeable asset for organized crime.
Botnet DDoS attacks present a challenge for security teams
The rapid shift to telecommuting has provided convenience and efficiency, but it has also created new opportunities for threat actors. Corporate networks are more vulnerable when accessed using an unsecured work-from-home environment; personal computing devices are not always protected; and the use of video conferencing software by remote workers is becoming an easy target, according to the FBI.”Cybercrime Report 2021.”
DDoS attacks are sudden and can penetrate business systems even if they are protected by firewalls. Endpoint protection tools such as antivirus cannot protect against DDoS attacks, which are difficult for security experts to detect even after a complete failure. Local DDoS prevention equipment is expensive and still leaves the uplink vulnerable to network saturation.
When these attacks occur, their effects include server crashes, unresponsive applications, and network outages that take businesses offline for legitimate users. Simply put, DDoS attacks cost victims significant time, money, and brand reputation.
Mitigating and protecting against botnet attacks
Defending against botnets requires a multi-layered defense-in-depth approach. The first line of defense includes network security controls that maintain a global IP reputation database of known malicious IP addresses and domains, as well as compromised systems owned by botnets.
Ask security vendors how they block network connections using IP reputation. On average, 10% to 15% of global malicious IP addresses change daily, so confirming that your provider provides frequent updates is critical to ensuring effective botnet protection. Assess the size and reputation of your security vendors’ threat intelligence research team, and the sources and size of their IP and domain reputation databases.
The second line of defense requires detecting network traffic based on protocol behavior and session flow. Current detection methods use a combination of machine learning algorithms and threshold countermeasures.
The challenge for defenders is that botnets can launch multiple types of attacks. The network behavior that ransomware exploits exhibit is different from brute-force credential harvesting or click fraud that occurs on e-commerce web servers. Therefore, the layered defenses required to prevent botnet attacks will vary based on the risks for each individual business.
For example, today’s botnet DDoS attack patterns have multiple vectors, are short in duration and high in intensity, as highlighted in the 2021 Comcast DDoS Threat Report. This makes DDoS detection an extremely difficult task for security personnel, who must detect problems within minutes, but only have seconds to react before a failure occurs.
Create a multi-layered cybersecurity plan
Basic cybersecurity hygiene is critical to protecting against the threat of botnets. Frequent and continuous vulnerability scanning, configuration hardening, and an organized patch management policy are key steps to prevent your host systems from falling victim to botnets.
Next, organizations should implement network access controls, multi-factor authentication, and zero-trust policies for users, making it more difficult for attackers to gain access to your network or host computers. Finally, ongoing employee training on how to identify suspicious activity, such as phishing attempts, and what steps to take in the event of a breach can reduce botnet attacks.
Botnet attacks are here to stay, so it’s important that users and businesses assess their systems, partner with the right vendors and service providers, and implement a cybersecurity program with executive support to protect themselves from attacks.