The year 2016 was certainly notable for Locky and the rise of ransomware, but these last months our attention has been drawn to a fundamental element of the underlying criminal cyber infrastructure — botnets.
In July, major attacks using LizardStresser, a distributed denial-of-service (DDoS) botnet built from IoT devices, were launched by the Lizard Squad DDoS group. In August, we learned of the first Android-based, Twitter-controlled botnet. September ended with the announcement that cybercriminals had published the source code for a Trojan program called Mirai, designed to infect IoT devices and use them to build botnets and launch DDoS attacks. The malware itself was previously in use by a handful of criminals (with hundreds of thousands of IoT devices already infected), but with its public distribution cybercriminals around the globe now have an easy method to build even more botnets. Botnet highlights in October included the use of a 100,000-device-strong botnet to attack the DNS provider Dyn, ultimately bringing down dozens of well-known Internet services, including Airbnb, Etsy, Pinterest, Amazon, PayPal, Twitter, and Netflix, as well as major news outlets and ISPs such as Comcast and Verizon.
Using data from Cyren’s own massive GlobalView security cloud, which collects and analyzes over 17 billion pieces of threat data daily, Cyren researchers discovered hundreds of thousands of malicious DNS, email, and web activities originating from a single botnet.
Add to all of this the Necurs botnet—which we have tracked delivering Locky and Dridex malware and which has “switched off” twice in the last few months, giving the impression that it was offline (but wasn’t…)—and the world of botnets looks less like run-of-the-mill cybercrime and more like a season of Breaking Bad.
In today’s world, everything from laptops and routers to DVRs and security cameras is at risk of becoming a cog in the larger botnet wheel. In fact, a recent KPMG study of mid-sized companies found that 93% were living with bot infections. The botnet’s zombie army of co-opted devices is able to use the machines’ combined computing power to significantly affect an organization’s operations, with impacts ranging from loss of revenue and business reputation to problems with regulatory compliance and a reduction in customer confidence. Botnets can affect any individual, business, organization, or government through myriad means: targeting the entity through DDoS attacks, using company computing resources and bandwidth to launch attacks on others, stealing trade secrets or client/employee identity information, inserting malware into source code, or compromising a system’s overall data integrity.
Today every organization needs to ensure that they have security in place which has the depth and breadth of threat intelligence and the multi-layered defenses necessary to disrupt — at several levels — these modern clone armies of cybercrime. To get up to speed on botnets, check out our new threat report Botnets: The Clone Armies of Cybercrime.