Beware the botnet lurking unseen on your computer

Defined as “a collection of internet-connected devices, including PCs, servers, mobile devices and Internet of Things (IoT) devices that are infected and controlled by malware”, these botnets will frequently infect an entire system while the owner or company remains completely unaware of their presence.

Botnet controllers are used by cyber-criminals to send out spam and ransomware, launch distributed denial-of-service attacks, commit e-banking fraud and attempt felony.

According to the Spamhaus Botnet Threat Report 2017, from the international non-profit organisation that tracks spam, phishing, and cyber-related threats, there are block listings for more than 9,500 botnet servers on 1,122 different networks.

Spamhaus saw listings increase by over 40% in a single year, and more than 90% since 2014.

“Looking forward to 2018, there is no sign that the number of cyber threats will decrease,” the Spamhaus report noted. “The big increase of IoT threats in 2017 is very likely to continue in 2018. We are sure that securing and protecting IoT devices will be a core topic in 2018,” it said.

Bill Hull, risk assurance principal at PwC in the US, invites us to imagine this scenario:

“Somewhere, a James Bond villain is quietly building a network of sleeper cells that can be activated at a moment’s notice and targeted to take out computer networks, power grids, communications, and other critical infrastructure. Now imagine tens of thousands of such secretive Bond villains armed with up to 80 billion sleeper cells.”

Such is the enormous risk presented by the IoT, which analysts expect will encompass up to 80 billion connected devices by 2020.

“Without robust and up-to-date security and privacy protections, connected devices could potentially become vulnerable recruits for hackers, cyber-criminals, and state-sponsored cyber-soldiers, who can turn them into attack resources capable of inflicting catastrophic damage. This isn’t Hollywood hyperbole, it is already happening,” said Mr Hull.

In December 2015, an attack in Turkey affected bank networks, media communications, and government agencies.

Later the same month, attackers staged the first known cyber-attack on a power grid, cutting power to 230,000 people in Ukraine while also disrupting phone lines to complicate recovery efforts. In October 2016, a multitude of botnet-infected cameras, routers, and similarly compromised IoT devices carried out a massive distributed denial-of-service attack, resulting in an extended access blackout of major internet platforms and services across Europe and North America.

In May and June 2017, further attacks using the WannaCry and NotPetya viruses infected more than 200,000 computers across 150 countries, disrupting the operations of several multinational companies.

Some 8% of all bad bot traffic comes from mobile devices, according to a report from Distil Networks, a specialist in bot mitigation, website security, and IT protection from automated threats.

A report, ‘Mobile Bots: The Next Evolution of Bad Bots’, examined requests from 100 million mobile devices on the Distil network from six major cellular carriers during a 45-day period.

The company found that 5.8% of those devices hosted bots which were used to attack websites and apps — equating to 5.8 million devices humming away with activity that their owners know nothing about.

“The volume was a surprise,” said Edward Roberts, senior director of product marketing at Distil Networks. One of the more common avenues for such attacks is email.

According to the recent 2018 Email Security Trends report by Barracuda, 87% of IT security professionals have admitted their company has faced some kind of threat via email in the last year.

And the most common reason for a system becoming infected? The all too human sense of curiosity to open that email that looks wrong.