Site icon GRASSROOTS ONLINE

Preventing your network from becoming a Botnet

Not having sufficient network protection may allow your organization’s devices to be part of the next cyber-attack explains Harish Chib, vice president, Middle East & Africa, Sopho

Botnets are large volumes of distributed networked computers and devices that have been taken over by a cybercriminal. Botnets, also referred to as bots, are usually taken over by malicious software to enable remote control by a threat actor.

They are set up and developed by a hacker to provide a powerful and dark, cloud computing network to conduct cyberattacks of a criminal nature.

The growth in mobile and network devices has created large scale social and productivity benefits for us. We can now remotely access computers, security systems, cameras, appliances, and a growing list of devices, interconnected with cloud. Collectively this is referred to as the Internet of Things or IoT.

A worrying aspect of the growth of Internet-connected devices is the absence of basic security precautions. Most end users rarely change factory defaults, which can be exploited by hackers to take control of the devices.

Another door for cybercriminals to take control of connected devices is called the back-door entry. This is a manufacturer’s access to the device through an undisclosed connection, used for remote testing and updates.

This large distributed, network of computers, under the control of threat actors, represents an aggregation of computing power that can be used for a devastating effect.

Inside the network

Malicious software designed to exploit IoT devices are usually not sophisticated. They operate by scanning network ports, looking for access opportunities, and gaining access through default credentials, or brute-force hacking to gain access.

This software is much easier to defend against, as it merely requires configuring the network firewall protection devices.

Similar to other malware, botnets can enter an organization through multiple points of entry. This includes email attachments, hacked web sites, connected sensors and other IoT devices, and USB sticks.

Once a malicious software has entered an organization, it will call home – the hackers command and control server – to register its success in gaining entry and to request further instructions.

It may be told to lie low and wait, or be instructed to move laterally on the network to infect other devices, or to participate in an attack. This attempt by the malicious software to call-home represents an opportunity to detect infected systems on the network that are becoming part of a botnet.

Once an attack has got underway, the attack itself can be difficult to detect. From a network traffic point of view, the device will simply be sending emails out as spam, transferring data or mining bitcoins, or performing DNS lookups and a variety of other requests, usually seen in large scale attacks. In isolation, none of these types of activities are noteworthy.

Building protection

The most important ingredient for effective protection from botnets is the organization’s network firewall. The following can help to get best protection from the firewall.

Best-practices

Botnets have a massive slowdown effect on the global Internet traffic. They can also have a devastating impact on an organization, if the objective of the attack is to steal sensitive information.

Even if the botnet operating on the organization’s network is not after its data, it could be using devices and network resources to cause devastating harm to another organization.

Do not let your network become part of the next global botnet attack.

Exit mobile version