Remove botnets’ freedom to operate and manage botnet risk

Written by: Francesco Trama | Published on: December 7th, 2018

About The Author

Francesco Trama
As Chief Executive Officer and Founder, Francesco is responsible for the overall operating performance, leading the strategic direction of the company’s products and solutions internally while building technical and business credibility externally as a market-facing thought leader.

Botnet RiskThere are plenty of news articles claiming botnets and zombie computers are taking over the world.  While I do not necessarily agree with the allegation, I believe whole heartedly botnets are the driving force of all attacks. Botnet risk is at it’s all time high.

By hook or by crook, the first goal for any attacker is to grow a viable base of operations. The fact of the matter is no adversary is going to break into your network using their living-room computer. Their very freedom depends on them staying anonymous.

Because bots are vital to all operations, there is plenty of time and resources put into this area. It can consist of bot for hire, or they can create their own home-grown malware. If you think of state sponsored attackers, there are teams of folks dedicated to sustaining a viable bot network.

Think of the new crazy today, of self-propagating worms that spread like unimpeded wildfire, the fact is todays worms are multi purpose-built. The attacker, via many different delivery methods, detonates software on the victim’s computer to perform the tasks as instructed. This could include:  opening network doors for the attacker, transferring data, encrypting files, spamming your contacts malware, breeching nearby computers, or simply sit dormant for any given period of time.

Botnet challenges continue

Botnets are well-known in the security arena so there are plenty of eyes on this problem. The challenges continue to be geography, time to discovery, and staying in front of this systemic problem.

While we all can get some decent bot and proxy list, the fact is we know very little as to where they will be at any given time. Many of these worker bots are only used for short periods for specific tasks, while others are decoys used as sacrificial lambs.

If we eliminate, or drastically reduce the operating space of these attackers, their ability to execute attacks freely diminishes. This jeopardizes their ability to stay anonymous, causing them to take more risk and puts their chances of imprisonment more likely.

Removing the freedom to operate, removes the opportunity and manages risk.