The Battle Against Botnets (And What You Can Do)

While battling botnets sounds like an early ‘90s computer game, the kind that would have you jamming on the joystick while digitized Beethoven came muffling through your speakers, rest assured that battling botnets is actually a very contemporary undertaking, one that is growing increasingly important with each passing day.

We have now reached a point where the DDoS attacks coming from botnets are severe enough to be considered an act of war, and dangerous enough to leave hundreds of thousands of people without power. No wonder the US government has issued a report on what needs to be done in the battle against botnets.

An ugly evolution

Distributed denial of service attacks have been menacing the internet for decades, taking aim at websites, online services and businesses in the name of profit, competition, ransom notes, boredom, you name it. These attacks are nothing new, and for that matter neither are the botnets behind them.

However, putting together a botnet used to mean sneaking malware onto computers in order to allow an attacker to remotely control them. This meant dealing with anti-virus software and other security measures common to computers. Thanks to the increasing connectivity of our world, botnets now largely consist of IoT devices like routers, DVRs, CCTV cameras, smart home appliances and wearables. In the rush to market, the majority of smart devices simply weren’t designed with security positioned as a main priority. Additionally, the owners and users of smart devices don’t think to secure them the way they would their computers, and even if they do think to secure them, it often isn’t a readily apparent process.

As a result, cybercriminals and hacker groups working on behalf of nation states have easily put together botnets consisting of hundreds of thousands, even millions of devices. This has led to DDoS attacks of record-breaking sizes and increased attack capabilities, like the DDoS assault on a Ukraine power grid that left over 200,000 people without power for hours in 2015. An attack like that timed to take place during extreme cold could easily be deadly.

In addition to attacks on critical infrastructure, the current distributed denial of service landscape features election interference, coordinated attacks on financial institutions and government services, and broad attacks on the media. When state-sponsored, these attacks can now be considered an act of war under a North Atlantic Treaty Organization declaration, warranting retaliation both in the cyber realm or with traditional weaponry. That’s not even mentioning the day to day attacks that cripple businesses.

All in all, it’s probably about time the FBI and the US Department of Homeland Security started putting forth some ideas about how the growth of botnets can be slowed.

Executive orders

Last May, President Trump commissioned a report on strengthening the cybersecurity of critical infrastructure and federal networks, and a year later that report dropped with a heavy emphasis on what needs to be done about the botnet problem.

In short, the US Department of Homeland Security and the US Department of Commerce have outlined a four-pronged approach to enhancing the resilience of the internet against botnets and related threats. Firstly, internet infrastructure providers need to be more willing to share data as it relates to evolving threats, especially with smaller providers that may not have the security research and analysis resources the big players do. It’s also recommended that infrastructure providers explore the benefits of a move to IPv6.

Secondly, law enforcement agencies and the cybersecurity industry need to work together earlier and more often to better detect and prevent threats and more effectively manage incidents.

Thirdly, enterprises need to take responsibility for their IoT devices, securing what can be secured, isolating legacy devices that cannot be secured. Enterprises are also being asked to take responsibility for their DDoS protection and to take a look at their network architectures.

Fourthly, the manufacturers of connected devices need to develop these devices with security capable of resisting attacks throughout their entire deployment lifecycles. This means making security a prioritized design requirement, refraining from selling devices with known security flaws, following current security best practices and disabling features that are not relevant to operation, and including a mechanism for secure updates.

As for what you can do to help end the tyranny of botnets, it comes down to doing what you can to keep your devices secure. This means changing default credentials to complex usernames and passwords whenever possible, and regularly updating device firmware to ensure all security patches are applied. Further, if you have 30 seconds to spare, the FBI would like you to reboot your router – power it off, unplug it, plug it back in and power it back on. Even if you’ve already done it. Even if you don’t think your router got caught up in the Russian botnet the FBI is so concerned with. Reports have indicated that the malware is more powerful than originally thought and the botnet more widespread, so you might as well be on the safe side.