Verizon report: Botnets pose big problems for businesses

The online threat environment continues to evolve, according to analysis from researchers for Verizon Wireless. These experts evaluated breach information from virtually every industry and compiled an exhaustive report detailing the numerous developments currently unfolding within the data security space. The researchers found evidence of more than 53,000 attacks and approximately 2,200 large-scale breaches, an estimated 73 percent of which were orchestrated by outside actors. Hacking and malware deployment were the two most common tactics. Health care organizations, food service companies and public utilities absorbed a large portion of the recorded strikes. And, more than half of all victims were classified as small businesses.

The aforementioned data points largely align with most industry data. However, among the startling yet unsurprising insights covered in the report, the researchers at Verizon touched on an ascendant black hat tool poised to cause major disruption in an online era dominated by internet of things and cryptocurrency technology: the botnet. These nefarious device networks affected businesses in every populated nation on the globe in 2017. More than 90 percent of attacks involving botnets targeted financial institutions. Enterprises managed to address these strikes within one month of detection. Unfortunately, a large number failed to detect the presence of botnet malware at all, with some playing host to hackers for as long as 200 days without mitigation.

Sadly, this activity is likely to continue for the foreseeable future as more companies adopt corruptible connected devices and explore cryptocurrency. Underground online marketplaces will further contribute to the problem, facilitating the distribution of sophisticated botnet technology capable of causing massive outages, according to Kaspersky Lab. With these variables in mind, enterprise information technology teams must work quickly to shore up their defenses, especially those related to the cutting-edge innovations botnet-equipped cybercriminals are known to target.

Botnets are crashing servers everywhere.

Understanding an age-old threat
Botnets are nothing new. In fact, the technology dates back to 1999, when data security specialists encountered the Pretty Park worm and the SubSeven Trojan, Trend Micro reported. The former attack vector was relatively benign, infiltrating email clients to self-replicate and message itself to preconfigured contacts, according to Symantec. While Pretty Park could be leveraged to overwhelm email servers, it could do little else. The SubSeven Trojan, on the other hand, was far more serious. Hackers were able to use this nefarious program to take over host computers and execute commands of any kind, the analysts at the SANS Institute reported. These attack vectors startled data security experts and laid the groundwork for increasingly complex malware capable of facilitating the creation of large botnets.

In 2002, cybercriminals debuted the SDBot and Agobot scripts, which were the first commodifiable pieces of botnet malware. The creators could sell the source code for this software and effectively arm anyone with some rudimentary coding knowledge with impactful hacking tools. By 2007, there were numerous advanced botnet-building programs available, many of which boasted features such as key logging and spam distribution modules.

The threat continued to progress for the next decade. Then, during the summer and fall of 2016, perhaps the most damaging botnet attack to date unfolded. In August of that year, data security analysts took notice of a growing botnet nicknamed Mirai, according to an industry research report published by Google. In September, the hackers wielding the expanding constellation of hijacked devices executed their first two attacks: distributed denial of service attacks against the French cloud hosting company OVH and the website of well-known data security journalist Brian Krebs. On September 30, 2016, the Mirai creators published their original botnet source code online. Three weeks later, on October 21, 2016, they pointed the botnet at Dyn, a widely used DNS provider. The attack crippled online operations for numerous Dyn clients, including The New York Times, Reddit and Twitter, taking down a massive portion of the internet for users located on the East Coast. The botnet had 200,000 to 300,000 enslaved devices at its disposal during the attack.

For the following three months, authorities searched for the author. Mirai turned out to be the handiwork of a college student at Rutgers University in New Jersey and two of his friends, Wired reported. The trio had originally crafted the botnet malware in an effort to scam users of the popular computer game "Minecraft." However, after seeing its self-replicating potential, the three decided it could be used in more significant ways and released the source code on the underground online marketplace, essentially offering a potent botnet for hire. For between $5 and $50, script kiddies could rent out parts of Mirai, which was capable of scanning the web for internet-enabled devices with stock security settings and hijacking those fixtures.

The FBI was able to take down Mirai and capture its creators, but the self-replicating code structure became a mainstay in the hacking community, along with the botnet-for-hire business model. Now, cybercriminals are capitalizing on the brief existence of Mirai, using the network as an attack template for strikes involving IoT assets and other burgeoning technologies.

Taking advantage of ascendant IT innovations
Enterprise IT teams have access to a number of new technological tools, starting with IoT devices. These assets are transforming organizations in every industry. Manufacturing firms are affixing industrial sensors to shop floor equipment to ensure optimal performance, utility companies are adopting mobile applications to streamline field activities and professional service firms are embracing mobility strategies such as bring-your-own-device to boost productivity. In all, businesses worldwide are expected to spend more than $772 billion on IoT initiatives in 2018, according to research from the International Data Corporation. By 2020, that figure is expected to surpass the $1 trillion mark, at which time over 20 billion connected IoT items will be active across the globe, Gartner reported.

The aggressive push for IoT adoption makes sense considering the potential of the technology. However, these devices come with risks – namely, lax built-in data security defenses, according to analysts for Malwarebytes. These vulnerabilities make it possible for hackers wielding Mirai-like botnet malware to break in and do as they please.

Cryptocurrency is another revolutionary technology that both possesses great potential and poses a serious threat to the businesses that embrace it. The market for digital tender continues to grow at an accelerated pace, The MIT Technology Review reported. In total, the space is worth $54 billion and looks poised to move forward as enterprises invest in decentralized currency or move into the popular cryptocurrency mining space, a $610 million niche that is projected to expand to more than $38 billion by 2025, according to analysts at Coherent Market Insights. Unfortunately, hackers, too, are looking to profit off the rise of cryptocurrency, albeit by illegal means.

Cybercriminals are now pirating thousands of computers and installing legitimate cryptocurrency mining software that allows them to commit fraud on a massive scale, a practice also called cryptojacking. The Smominru botnet is the most prominent example, ZDNet reported. The botnet, which appeared in May 2017, was composed of roughly 526,000 surreptitiously commandeered Windows servers and managed to illegally mine more than $3.6 million in Monero coin before it was disabled. Sadly, these powerful botnets are likely to appear more often due to the underground online marketplace, where anyone can purchase a group of pre-wrangled zombified computers for $20, according to Ars Technica.

Defending enterprise infrastructure
How can businesses combat the continued forward momentum of botnet technology and adequately protect innovative IT infrastructure? For businesses with IoT workflows, there are multiple strategies that can help reduce the likelihood of their devices becoming ensnared in DDoS attacks. For example, simply reconfiguring the security credentials on new connected devices can prevent hackers from breaking in with botnet malware – as can data security awareness training. When it comes to protecting networks against DDoS strikes, enterprises should develop and deploy mitigation plans, and partner with external service providers to configure defensive services, according to the International Data Group.

Organizations adopting cryptocurrency have several options as well. Training is the best defense, as most miners begin operations by loading scripts onto user computers via phishing, IDG reported. However, advanced cryptojacking techniques that leverage automated code require more technical solutions, including specialized cryptojacking protection services and mobile device management software.
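The two defensive passages above (IoT devices being conscripted into Mirai-like botnets, and cryptojacking software running on user machines) both come down to the same operational question: can the IT team spot an infected host from the traffic it generates? The following Python script is an added example written for this article, not code from Verizon, IDG or any product named on the page. It runs two simple heuristics over a constructed set of flow records: a Mirai-style symptom, where one internal device attempts telnet connections (ports 23 and 2323) to many distinct external hosts, and a cryptojacking symptom, where an internal host repeatedly connects to ports commonly used by mining pools' Stratum protocol. The flow-log format, the internal address ranges, the scan threshold and the mining-port list are all assumptions for the example and should be adapted to a real environment.

```python
"""
Flow-log heuristics for two botnet symptoms described in the article:
  * Mirai-style telnet scanning by an infected IoT device (many outbound
    connection attempts to port 23/2323 across many distinct destinations), and
  * cryptojacking traffic (repeated outbound connections to ports commonly
    used by mining pools' Stratum protocol).
The record format "timestamp src_ip dst_ip dst_port proto", the thresholds,
the port lists and the internal ranges below are assumptions for this example.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed enterprise-internal ranges; traffic to these destinations is ignored.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
TELNET_PORTS = {23, 2323}
# Assumed list of ports frequently used by mining pools (Stratum); tune locally.
MINING_POOL_PORTS = {3333, 4444, 5555, 7777, 14444}
SCAN_THRESHOLD = 20  # distinct external telnet targets from one source


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


def _build_sample_flows() -> str:
    """Constructed sample data using documentation IP ranges (not real hosts)."""
    lines = []
    # Ordinary HTTPS traffic from a workstation.
    lines += [f"2018-05-01T10:00:{i:02d} 192.168.1.20 198.51.100.10 443 tcp" for i in range(5)]
    # An IP camera sweeping telnet across 30 distinct external hosts (Mirai-like).
    lines += [f"2018-05-01T10:01:{i:02d} 192.168.1.50 198.51.100.{i} 23 tcp" for i in range(1, 31)]
    # A workstation repeatedly reaching a mining-pool port (cryptojacking-like).
    lines += [f"2018-05-01T10:02:{i:02d} 10.0.0.7 203.0.113.9 3333 tcp" for i in range(6)]
    # Legitimate telnet to an internal lab switch: internal destination, ignored.
    lines += ["2018-05-01T10:03:00 192.168.1.20 192.168.1.2 23 tcp"]
    return "\n".join(lines)


SAMPLE_FLOWS = _build_sample_flows()


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(text: str) -> list[Flow]:
    """Parse flow records, skipping malformed lines instead of aborting."""
    flows = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, dport, proto = parts
        try:
            flows.append(Flow(ts, src, dst, int(dport), proto.lower()))
        except ValueError:
            continue
    return flows


def detect_telnet_scanners(flows: list[Flow], threshold: int = SCAN_THRESHOLD) -> dict[str, int]:
    """Map source IP -> number of distinct external telnet targets, above threshold."""
    targets: dict[str, set[str]] = defaultdict(set)
    for f in flows:
        if f.proto == "tcp" and f.dport in TELNET_PORTS and not is_internal(f.dst):
            targets[f.src].add(f.dst)
    return {src: len(d) for src, d in targets.items() if len(d) >= threshold}


def detect_mining_traffic(flows: list[Flow]) -> dict[str, list[str]]:
    """Map source IP -> sorted list of external 'ip:port' mining-pool endpoints."""
    hits: dict[str, set[str]] = defaultdict(set)
    for f in flows:
        if f.proto == "tcp" and f.dport in MINING_POOL_PORTS and not is_internal(f.dst):
            hits[f.src].add(f"{f.dst}:{f.dport}")
    return {src: sorted(v) for src, v in hits.items()}


def summarize(text: str) -> dict[str, dict]:
    flows = parse_flows(text)
    return {
        "telnet_scanners": detect_telnet_scanners(flows),
        "mining_traffic": detect_mining_traffic(flows),
    }


if __name__ == "__main__":
    for category, findings in summarize(SAMPLE_FLOWS).items():
        print(category)
        for src, detail in findings.items():
            print(f"  {src}: {detail}")
```

Both checks deliberately ignore internal destinations, so a legitimate administrator using telnet to a lab switch does not trip the scanner rule, and a genuine mining pool address would normally be external. In practice the thresholds and port lists belong in configuration, and a hit should feed an alert that names the device so that, per the article's advice, its default credentials can be changed and the host isolated rather than left undetected for months.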

These innovations have generated a renewed zeal for botnet malware in the hacking community, as shown in the Verizon report. With this in mind, organizations considering IoT or cryptocurrency adoption should consider shoring up their defenses. The strategies discussed above are viable solutions for firms with up-to-date IT capabilities. However, businesses behind in this area should think about embarking on IT modernization before taking on new technology, especially technology inherently vulnerable to attack. The Inventu Corporation can help with such efforts.

Our innovative Flynet Viewer simplifies screen integration, easing the modernization process while meeting employer and staff expectations in a way that feels both familiar and simple. Review our product page to learn more about the Inventu Flynet Viewer and the other solutions in our extensive portfolio.