Cracking Down on Botnets Featured

Cracking Down on Botnets

Although there is no silver bullet solution for mitigating the risk of botnets, there are a number of helpful best practices.

“When deploying an IoT device of any type, the three most important questions need to be: Have we configured strong credential access? What is our update strategy for firmware changes? What URLs and IP address does the device need for its operation?” says Tim Mackey, senior technical evangelist at Synopsys.

“When IoT devices are deployed within a business environment, best practice dictates that a separate network segment known as a VLAN should be used. This then allows for IT teams to monitor for both known and unknown traffic impacting the devices. It also allows teams to ensure that network traffic originates from known locations.

“For example, if a conference room projector is accessible via Wi-Fi, the network the device uses should be restricted to only internal and authenticated users. Public access to the device should always be restricted. Following this model, exploitation of the device would then require a malicious actor to first compromise a computer belonging to an authenticated user.”

Norton by Symantec 728x90

Mackey says regular IT audits of IoT networks should then be performed to ensure only known devices are present, with the device identification mapped back to an asset inventory containing a current list of firmware versions and a list of open source components used within that firmware.

“This open source inventory can then be used to understand when an open source vulnerability impacting a library used within the firmware has a published vulnerability,” he says. “Armed with this information, a proactive update and patching model can be created for corporate IoT devices.

“Also, inspection of the firmware should identify what external APIs (application programming interfaces), URLs and services the firmware is configured to operate against.

“These endpoints should be confirmed with the supplier as legitimate with confirmation of their function. Once confirmed, the IoT network that the device associated with the firmware is configured for can then have firewall restrictions defined, allowing the IoT devices access only to their known API dependencies. These tasks should be considered part of an overall device access model consistent with the principles of zero trust.”

Spencer Young, regional vice-president for Europe, the Middle East and Africa at security firm Imperva, says the best way to discover and mitigate a botnet is to find its command and control (CnC) server. “The most effective way is to look into the communication between the CnC and its bots,” he says. “Once you start searching for exploit attempts, you can start to pick up possible indicators of a botnet.

“For example, if the same IPs attack the same sites at the same time whille simultaneously using the same payloads and attack pattern, it is fairly likely that they’re part of the same botnet.

“However, all initiatives to combat the growth of botnets through industry standards and legislation are likely to continue to occur only on a regional or country level. As far as industry-wide efforts go, it is hard to imagine a scenario in which a global security standard for botnet detection and defence could be agreed upon, applied and enforced.”

Smarthome 5% off coupon SMARTHOME5

Given the regulatory challenges and continued rise in the number of connected devices, botnet attacks are likely to keep increasing. Young says that as our devices evolve, both in terms of sophistication and connectivity, so will botnets. This, he believes, will mean that operators will be provided with more capacity and new, more advanced attack options.

So preparation is key, says Young. “To mitigate future attacks, all businesses must be prepared to defend against an attack when it arises,” he says. “Investing in the ability to parse your cyber threatscape, successfully identify botnet attacks and build an intelligent defence is not just a security concern – it’s a frontline business issue.”

If one thing is certain, it is that the threat of botnets will only increase as the connected ecosystem rapidly expands and new connected technologies enter the market. And while attackers will continue to find new ways to take control of networks and leverage botnets, there are clear ways in which IT practitioners and organisations can mitigate the risk here – most notably the issue of improving weak security mechanisms.

It may be that attackers are often one step ahead, but by being more proactive, security teams can also leapfrog ahead on occasions. 

Also see: Phishing Attacks: Avoid Losing Business Data

#cyberattacks #cybersecurity #cyberthreats

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

back to top

Popular Cyber News

Top Tips to Protect Your Business Against Social Media Mistakes

Top Tips to Protect Your Business Against Social Media Mistakes

11 May, 2019

Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or ...

Study Shows Extent of Cyber Risk

Study Shows Extent of Cyber Risk

10 May, 2019

A new study shows SMBs face greater security exposure, but large companies still support vulnerable systems as well. ...

How to Secure your Azure Storage accounts

How to Secure your Azure Storage accounts

14 May, 2019

Enterprise data is growing exponentially and becoming more complicated, making it harder to manage, and an even bigger c...

Vodafone is Challenging Huawei Report of Telnet 'Backdoor'

Vodafone is Challenging Huawei Report of Telnet 'Backdoor'

01 May, 2019

Vodafone is challenging a Bloomberg report that security vulnerabilities and backdoors within Huawei networking equipmen...

Malware: Doesn't need to be new to cause serious damage

Malware: Doesn't need to be new to cause serious damage

05 May, 2019

The good news is: The development of new malware exploits has slowed significantly.

Microsoft adds Plug and Play to IoT

Microsoft adds Plug and Play to IoT

03 May, 2019

Microsoft just announced that it wants to add the advantages of Plug and Play, which allows you to plug virtually any pe...

Twitch streamers take action to secure their accounts against hacks

Twitch streamers take action to secure their accounts against hacks

30 April, 2019

Twitch has an account hacking problem.

Over 22 billion IoT devices are out there

Over 22 billion IoT devices are out there

20 May, 2019

Enterprise Internet of Things (IoT) remains the leading segment, accounting for more than half of the market, with mobil...

Todays Cloud Security

Todays Cloud Security

06 May, 2019

Enterprise cloud security is making real progress, however emerging technologies call for security teams to keep up with...


Home Tech Reviews UK

Mobile Tech Reviews UK


Sign up to keep in touch!

Be the first to hear th latest Cyber and Tech News straight to your mailbox.

Check out our Privacy Policy & Terms of use
You can unsubscribe from email list at any time