
Sleeping giant, botnets pose threat as ransomware attacks decline

While ransomware attacks are making headlines, and are even on the decline according to some reports, researchers warn botnets may soon pose a greater threat.

Botnet operators are capable of using their malicious networks to execute virtually any task with a success rate of close to 100 percent, according to a June 7 ESET security blog post. These tasks could be anything from sending spam, distributing ransomware, carrying out DDoS attacks, or cheating advertising networks to mining Bitcoin, all of which could change on a whim.

The biggest threat botnets pose, however, is the potential for their operators to encrypt every single computer within the botnet. On an individual infected device, the botnet could attempt to break into the device owner's bank account or steal any credentials it can glean from network traffic.

Botnets are also becoming harder to detect. To improve resiliency, they have abandoned the simplest client-server model and switched to the P2P (peer-to-peer) model, where bots perform as both server and client, the report said.

The Mirai botnet was a good example of the potential for truly frightening levels of damage that a botnet could carry out, ESET security researcher Lysa Myers told SC Media.

“Due to the timing of this threat's escalating attacks, my first thought upon hearing about so many sites going down was how this tactic could easily have been used by a nation state actor to seriously disrupt retail operations (and thus the economy), or news sites, or crucial government functionality in the days leading up to the election,” Myers said.

“The potential for mayhem that's available to a huge bank of computing devices being used for malicious ends is bigger than the average person may realize, but that's not an easy thing to communicate, especially without paralyzing people from taking action to protect themselves.”

Experts agree, a recent PhishMe report noted, that ransomware-as-a-business seems to be preparing to enter the next stage of innovation and that a rising tide of botnet malware is on the horizon.

And while ransomware is profitable, the financial advantages of botnets include those of ransomware and many other options.

“The value of an infected endpoint goes beyond the collection of online banking credentials,” PhishMe Chief Technology Officer Aaron Higbee told SC Media. “Commanding access and control allows the owners to lease time relaying spam, selling denial of service attacks, logging keystrokes in hopes of gaining passwords or other sensitive information, or even reselling access into a high-value-network.”

Higbee added that if the botnet owner grows tired of maintenance and administration, they can always cash out by deploying ransomware to the botnet itself.

“As ransomware settles into its corner of the market, some botnet malware users have renewed their efforts to claim their share,” the report said. “Highly adaptable and multifunctional botnet malware varieties grew in usage by 69.2 percent through the first quarter.”

Researchers also noted a surge of botnet malware in the first quarter of 2016; however, of the top 10 malware of that year, Kovter was the only botnet that made the list.

It will take efforts on both public and private sector fronts to address and protect ourselves from the potential threats these botnets pose.

“Regulations will only go so far, and there are a lot of people out there who don't yet have the expertise to adequately protect themselves,” Myers said. “Security efforts to share details of bigger threats have been very helpful to dismantle botnets, but right now there are a lot more of ‘them’ than there are of ‘us.’”

She went on to say that everyone will be needed to combat the threat and protect ourselves, and that people should do their research on IoT devices, as many of them are insecure. Higbee agreed.

“One of the arenas in which threat intelligence has proven valuable is in the identification of infrastructure utilized to carry out botnet activities like the distribution of phishing email,” he said. “Every day, visibility into the nature of online attacks and the resources used to facilitate them grows.”
