Guidelines for a 'Bot' free Network
While bots are often used to automate repetitive online interactions, their ability to imitate genuine system files and to stay hidden has made them tools of covert manipulation.
In the digital world, zombies are Internet-connected computers that have been compromised by a hacker and are used to carry out malicious tasks remotely. Generally, owners of zombie computers are unaware that their systems are being used in such offences. The recent attacks on the Census servers were also reported to have been initiated using zombie computers.
Impact of a Bot
According to wired.com, an estimated 500 million computers fall prey to botnet attackers annually, which is about 18 victims infected per second. While ThreatMetrix's network was able to detect about 450 million threats in the first quarter of 2016, 40 percent of them were reported to be from mobile devices. As the number of mobile devices grows around the globe, attackers are also developing botnets that can hack mobile devices.
Recent bots such as Kelihos, Ramnit and Chameleon are reported to be highly destructive and capable of bringing down an organization's systems. Some of these bots are also able to propagate through Point-to-Point networks. To create a large network of zombies, hackers seek to install bots on thousands of computers and take command of them, aiming for a mass cyber attack. The bots are most likely installed unknowingly by an unsuspecting user, or spread via vulnerable network systems, opening a backdoor for cybercriminals. Once a bot gets into a network, it camouflages itself efficiently, like most modern viruses, making it hard to detect.
Tackling the Bots
Identifying an infection is the most important part of tackling any virus or malware infection. An infection can be suspected when the system slows down unnaturally or when uneven network traffic shows up in the firewall log. The Windows Task Manager can help identify applications that do not belong to the Windows base files or that consume a large amount of system resources. There are also several anti-botnet applications available on the market, such as Phrozensoft Mirage Anti-Bot, Norton Power Eraser, the Kaspersky DE-Cleaner and Bot Revolt. While the Phrozensoft Mirage Anti-Bot tool blocks data communication with an inbuilt list of harmful web sites, RUBotted has a list of both known and unknown botnets and can efficiently clean infected machines. Norton Power Eraser and Kaspersky DE-Cleaner claim to be able to remove even deeply embedded botnets.
An application like Bot Revolt can be installed for better security, as it can penetrate deep into the networking code and continuously monitor all inbound communications. The software also claims to scan automatically every .002 seconds for malicious communications.
Since technology develops daily, anti-botnet applications alone are not enough to thwart attacks. Regular rootkit scans, a proper firewall, and port scanners are essential today. Maintaining a good network baseline and regularly documenting firewall logs are recommended best practices for identifying cyber attacks.
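The baseline-and-firewall-log practice described above can be sketched as follows. This is an added example, not part of the original article or any of the tools it names; the log format (timestamp, source, destination, destination port), the 3-sigma threshold and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

def parse(lines):
    """Yield (hour, src, dport) from 'YYYY-MM-DDTHH:MM src dst dport' lines."""
    for line in lines:
        parts = line.split()
        if len(parts) == 4 and parts[3].isdigit():  # skip malformed lines
            yield parts[0][:13], parts[1], int(parts[3])

def tally(lines):
    """Per source host: connections per hour and destination ports seen."""
    hourly, ports = defaultdict(lambda: defaultdict(int)), defaultdict(set)
    for hour, src, dport in parse(lines):
        hourly[src][hour] += 1
        ports[src].add(dport)
    return hourly, ports

def find_anomalies(baseline_lines, current_lines, sigmas=3.0):
    """Return {src: [reasons]} for hosts that deviate from their own baseline."""
    base_hourly, base_ports = tally(baseline_lines)
    cur_hourly, cur_ports = tally(current_lines)
    alerts = defaultdict(list)
    for src, per_hour in cur_hourly.items():
        if src not in base_hourly:
            alerts[src].append("host not in baseline")
            continue
        hist = list(base_hourly[src].values())
        # Floor the spread at 1 so a perfectly flat baseline still tolerates jitter.
        limit = mean(hist) + sigmas * max(pstdev(hist), 1.0)
        for hour, n in sorted(per_hour.items()):
            if n > limit:
                alerts[src].append(f"{hour}: {n} connections (limit {limit:.1f})")
        new = sorted(cur_ports[src] - base_ports[src])
        if new:
            alerts[src].append(f"new destination ports: {new}")
    return dict(alerts)

# Constructed sample data (not from a real network): 3 quiet hours per host.
BASELINE = [f"2016-08-01T{h:02d}:{m:02d} 10.0.0.{host} 198.51.100.7 443"
            for host in (5, 6) for h in (9, 10, 11) for m in range(0, 60, 15)]
# Current window: 10.0.0.5 behaves as usual; 10.0.0.6 bursts on an unfamiliar port.
CURRENT = ([f"2016-08-02T09:{m:02d} 10.0.0.5 198.51.100.7 443" for m in range(0, 60, 15)]
           + [f"2016-08-02T09:{m:02d} 10.0.0.6 203.0.113.9 6667" for m in range(40)])

if __name__ == "__main__":
    for host, reasons in find_anomalies(BASELINE, CURRENT).items():
        print(host, reasons)
```

Each host is compared only against its own history, so a busy server does not mask a quiet workstation that suddenly starts talking on a new port.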
Guidelines to Deal with a Botnet
• An updated antivirus is the sole gatekeeper of every network. Be sure that the antivirus in use is effective and fully updated. Perform a complete virus scan regularly.
• Always use encrypted password protection for both home and office computer networks. A firewall is a perfect companion to the antivirus in helping to block attacks from hackers.
• Practice safe Web browsing habits. Avoid clicking on malicious Web links and pop-up windows.
• Always employ a strong 3D password that is at least six characters long, and be sure to change passwords frequently.
• Make sure that computers have the most recent Windows updates, especially the security patches.
• Check bank and credit statements regularly for unusual activity.
Users should be cautious about email attachments, as a spam mail could launch a malicious file. The Internet being an 'unsafe place', visiting an unfamiliar web site or downloading an unknown software file can be the sole reason for a bot infection. Malicious files spread not only through the Internet but also via portable storage devices such as CDs or USB drives. Implementing strict policies against using unidentified storage devices on corporate systems is among the highly recommended security measures.
Botnets are evolving as the most sophisticated cyber security threats today. Cyber attacks nowadays are launched with a highly sophisticated, strategic approach, centrally managed by a mastermind system. As a legitimate concern for corporations, individuals, and government units, threats of this magnitude have to be avoided at all costs.