Semalt: Understanding A Botnet's Activities Through Botnet Infiltration
Botnets are one of the biggest IT security challenges facing computer users today. Thousands of botmasters are working round the clock to evade security roadblocks developed by security companies and other concerned agencies. The botnet economy, in its complexity, is growing tremendously. In this regard, Frank Abagnale, the Semalt Customer Success Manager, would like to tell you about an awesome practice by the Cisco computer company.
In a recent study, a Cisco security research team found that there are botmasters who are making up to US$10,000 a week from bot activities. With this kind of motivation for individuals who'd be interested in getting their hands into the crime, billions of unsuspecting computer users are at a greater risk from the effects of botnet attacks.
The Cisco research team aimed to understand the various techniques botmasters are using to compromise machines. Here are a few things that their efforts helped to discover:
Beware of Internet Relay Chat (IRC) traffic
The majority of botnets use Internet Relay Chat (IRC) as a command-and-control framework. Source code for IRC is readily available. Thus, new and inexperienced botmasters use IRC traffic to spread simple botnets.
Many unsuspecting users don't understand the potential risks of joining a chat network, especially when their machine is not protected against exploits by some form of Intrusion Prevention System.
Importance of an intrusion detection system
An intrusion detection system is an integral part of a network. It keeps a history of alerts from a deployed internet security management tool and allows for the remediation of a computer system that has suffered a botnet attack. The detection system enables the security researcher to know what the botnet was doing. It also helps to determine what information has been compromised.
Not all botmasters are computer geeks
Contrary to the assumption of many, running a botnet doesn't require advanced computer experience or expert knowledge of coding and networking. There are botmasters who are really savvy at their activities, but others are simply amateurs. Consequently, some bots are created with more proficiency than others. It's important to keep both types of attackers in mind when designing defenses for a network. But for all of them, the prime motivator is getting easy money with minimal effort. If a network or machine takes too long to compromise, a botmaster moves on to the next target.
The importance of education to network security
Security efforts are only effective with user education. System administrators usually patch exposed machines or deploy an IPS to protect the machine from exploits. However, if the user is not well informed on the various ways of avoiding security threats such as botnets, the effectiveness of even the latest security tools is limited.
The user needs to be constantly educated about safe behavior. This means a business has to increase its budget on user education if it is to reduce its vulnerability to hosting spam servers, data theft, and other cyber threats.
Botnets often show up as oddities in a network. If traffic from one or several machines in a network stands out from the others, the machine(s) could be compromised. With an IPS, it's easy to detect botnet vulnerabilities, but it's important for the user to know how to recognize the alerts raised by security systems such as the IPS. Security researchers should also stay alert to notice machines that share a certain odd behavior.
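The two detection ideas above, IRC command-and-control traffic and machines whose traffic stands out from the others, can both be checked over flow records. The following Python is an added example, not code from the original article or from the Cisco study; the log format, the addresses (documentation ranges), the port and verb lists, and the threshold are constructed assumptions.

```python
import statistics
from collections import defaultdict

IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}  # common IRC ports (heuristic only)
IRC_VERBS = {"NICK", "JOIN", "PRIVMSG"}            # IRC client commands seen in payloads

def build_sample():
    """Constructed flow log, one record per line: 'src dst dst_port first_payload_token'."""
    normal = {"10.0.0.11": 3, "10.0.0.12": 4, "10.0.0.13": 3, "10.0.0.14": 5, "10.0.0.15": 4}
    lines = [f"{h} 198.51.100.{i} 443 -" for h, n in normal.items() for i in range(n)]
    lines += [f"10.0.0.16 203.0.113.{i} 25 EHLO" for i in range(40)]  # mail fan-out
    lines.append("10.0.0.13 192.0.2.77 6667 NICK")  # IRC on a standard port
    lines.append("10.0.0.12 192.0.2.78 8080 JOIN")  # IRC on a non-standard port
    return "\n".join(lines)

def parse_flows(text):
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # skip malformed records instead of failing the whole run
        flows.append((parts[0], parts[1], int(parts[2]), parts[3].upper()))
    return flows

def irc_talkers(flows):
    """Internal hosts with IRC-looking flows, matched by port or by protocol verb."""
    hits = defaultdict(set)
    for src, dst, port, token in flows:
        if port in IRC_PORTS or token in IRC_VERBS:
            hits[src].add((dst, port))
    return dict(hits)

def fanout_outliers(flows, threshold=3.5):
    """Hosts whose number of distinct destinations stands out from their peers.
    Uses a modified z-score (median/MAD) so the outlier does not skew the baseline."""
    dests = defaultdict(set)
    for src, dst, _port, _token in flows:
        dests[src].add(dst)
    counts = {h: len(d) for h, d in dests.items()}
    if not counts:
        return []
    med = statistics.median(counts.values())
    mad = statistics.median(abs(c - med) for c in counts.values()) or 1.0  # avoid /0
    return sorted(h for h, c in counts.items() if 0.6745 * (c - med) / mad > threshold)

if __name__ == "__main__":
    flows = parse_flows(build_sample())
    print("IRC-like traffic:", irc_talkers(flows))
    print("Fan-out outliers:", fanout_outliers(flows))
```

Matching on the protocol verb as well as the port matters because IRC can run on any port; the second constructed record would be missed by a port list alone.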