attack strategies, and ruthlessly roaming the web in search of
their next big score.
Every manner of sensitive information, such as confidential
employee records, customers’ financial data, protected medical
documents, and government files, are all subject to their
relentless threats to
cybersecurity[1].
Solutions span a broad spectrum, from training email users to
ensuring a VPN kill switch[2]
is in place, to adding extensive advanced layers of network
protection.
To successfully guard against severe threats from hackers, worm
viruses to malware, such as botnet attacks, network managers need
to use all tools and methods that fit well into a comprehensive
cyber defense strategy.
Of all the menaces mentioned above to a website owner’s peace of
mind, botnets[3]
arguably present the most unsettling form of security risk. They’re
not the mere achievements of malicious amateur cybercriminals.
They’re state-of-the-dark-art cyber-crafts. What’s most rattling
about them, perhaps, is their stealth, their ability to lurk around
seeking vulnerabilities to exploit invisibly.
How Do Botnets Work?
Proliferating botnets is not one of the more straightforward
strategic hacking weapons. Botnets are subtle data-extracting
malware. They infiltrate networks, unauthorisedly access
computers, and allow malware to continue operating without
disruption for users, while they steal data and funnel it outside
the victim network and into awaiting “botmasters,” evading
detection throughout the process.
What Can You Do to Stop Botnets?
The front line of cyber defense has got to be manned by people —
real people working at their computers, doing their everyday tasks
in the office.
The best defense against ever-evolving threats is to educate the
users who are the perpetrators’ prime targets. These particular
front lines span the spectrum of web interactions, from email to
social media.
It’s recommended to implement a strategy that incorporates as many
of the following approaches, from some basics to more sophisticated
solutions, as practicable for your organization:
1. Be Sure Your VPN Has a Kill Switch in Place
A virtual private network (VPN) allows users to access confidential
information by connecting to the VPN via the public network. Your
VPN provider should have a VPN kill switch in place to keep
sensitive data, such as your IP address, from inadvertently being
transmitted through an unsecured connection.
2. Develop a Robust System to Capture and Block Fraudulent
Emails
A business email compromise is such a common attack strategy that
it has its own acronym, and the numbers of BEC scam
incidents are continuously rising. This kind of attack is tough
to defend against.
- Solutions to BEC detection and elimination require effective
classification and policies for blocking suspicious email senders,
content, and attachments. - Install defensive gateway web tools such as WebSense, McAfee,
to help block receipt of email from undesired sources and block
requests from being sent out to addresses that are reputed to be
possible sources of malware.
3. Build a Culture of Diligent Defense Against BEC
Social manipulation is reportedly among the most common methods
criminals use to wage attacks on email accounts.
reflex for many busy users. So, shore up the security of your
system by:
- Expecting users to open email attachments, even if your
organization has an official policy, buried in a handbook
somewhere—maybe about thinking before clicking and more prominently
promote the policy. - Provide training and frequent updates to employees on their
options for helping network security, for example, using strong
passwords[6]. - Teach users how to obtain help and to use real-time solutions
to isolate and avoid the kinds of attacks that exploit network
users. - Teach users to be diligent in reporting suspicious emails.
Include examples of email attacks and simulations in your training,
to help people learn to identify attacks, and provide extra support
for users whose accounts appear to be the most vulnerable.
4. Switch to Manual Software Installation
It could be unpopular advice, but some organizations should disable
the automatic installation of software via the AutoRun feature
based on their threat landscape.
Disallowing AutoRun from automatically installing software can
help prevent a computer’s operating systems from indiscriminately
launching unwanted commands from unknown external sources.
5. Enable the Windows Firewall
Installing the Windows firewall is fundamental for baseline
protection against incoming security threats. Users may want to
disable the Windows firewall to prevent it from blocking network
connections they want to make.
If your networked computers have alternative adequate firewall
protection, then it may be preferable or even necessary to disable
the Windows firewall.
The critical point here is to have appropriately configured
firewall protection in place.
6. Compartmentalize Within the Network
Consider network compartmentalization. In today’s work
environments, many, perhaps most, computer stations have to
communicate with one other between departments, often many times
daily.
However, limiting or eliminating that ability for machines that
don’t need that kind of broad access can go far in helping stop
botnets from spreading throughout your network.
- To the extent possible:
- Minimize your network’s risk by forming virtual local area
networks (VLANs). - Use your access control list (ACL) filters to restrict access
to objects and limit threat exposure.
7. Use Data Filtering
Botnet malware
usually works by establishing interactions with at least one remote
command-and-control server, which hackers also use to extract
sensitive information illegally.
To block the malicious interactions and thwart the criminal
activity, use data filtering on information exiting your
network.
Some viable approaches include:
- An egress content filtering tool can be applied, forcing the
flow of your organization’s web traffic through the filter and
prevent information from exiting your organization’s network. - A data loss prevention (DLP) solution can also be used to
monitor unauthorized accesses and breaches, stopping them from
leaking information.
8. Break Domain Trust Relationships
Eliminate password trusts to regain tighter control over your local
accounts. Cautiously controlling your local administrator account
is essential to cutting off threats and eradicating them.
Inactivating the automatic ability of computers to interconnect
shuts off the route used by botnets to circulate through an
internal network.
In networks, where some or many computers contain highly
sensitive data, this can provide a secure alternative to defend
against botnet attacks.
9. Employ Additional Layers of Prevention
Put additional layers of protection to help prevent botnets from
ensconcing themselves in your system, focus on shoring up the
network, for example, at specific points of contact that are
especially vulnerable, such as routes from certain hardware or
software components.
A couple of things to keep in mind:
- Host-based intrusion detection systems are exceptionally
efficient, but they’re also expensive, and typically difficult to
deploy successfully. - These tools cannot correct gaps or other existing technical
deficiencies in an operating system.
10. Enhance and Increase Network Monitoring
Closely monitoring the network, information on how connected users
are operating within an organization, arms network defense
solutions significantly.
Having a deeper understanding of how everything and everyone is
ordinarily interacting makes it much easier to detect unusual
activity quickly when a botnet or other malware intrusion has
begun.
- Ideally, 24-hour monitoring of network activity should be the
policy, employing data collection tools that detect anomalous
behavior and block attempts to infiltrate the system. - Consider pricing remote cybersecurity services, to provide the
extent and quality of network
monitoring[8] equipment and expertise
that may be more than in-house IT facilities and/or staff alone can
provide around the clock.
11. Control Network Accesses with Proxy Servers
Creating a supporting exit point through which Internet access can
be monitored creates reinforcement for monitoring efforts. Routing
outbound information through a proxy server can head off
cybercriminals’ attempts to circumvent your network security.
Filtering content through a proxy server is a practical option
for most networks, although, of course, it may not be realistic to
stop every bit of potentially problematic outbound information.
12. Apply the Least Privilege Principles
Generally speaking, access rights should be based on the needs of
the users’ functions. Having an administrator that is not the same
person as the user of a particular workstation makes it much more
difficult for malware to be spread by downloading.
It also makes it harder to use AutoRun tactics to exploit a
system. It further makes it more challenging for perpetrators to
spread malware from one infiltrated computer workstation to others
by employing a user’s network account credentials.
13. Monitor Responses to Domain Name System Queries
Maintain monitoring of workstations’ queries to DNS servers is
an excellent approach to identifying symptoms of botnet
infiltration. For example, monitor for low time-to-live (TTL).
Unusually low TTL values can be an indicator of botnet
penetration. By carefully monitoring for low TTL, your systems
administrator can take action to counter the attack and eliminate
botnets before the infestation spreads.
14. Stay Informed of Emergent Threats
Keep yourself and your IT team apprised of new local, national, and
global cyber threats that begin sweeping across regions. For
example, reportedly, the incidences of cybercriminals using URLs in
emails to infiltrate internal networks were much higher than
perpetrators’ use of attachments.
More generally, a staggering percentage of the successful thefts
of information from internal networks over the past year has been
through the use of botnets.
Staying up to date with news on new and evolving cyber-threats
is the first order of activity network management professionals
must consistently maintain, to be effective in protecting an
organization’s system.
Going Forward More Securely
To protect the people who’ve trusted you with their sensitive
personal information, protect your organization from liability, and
protect your brand’s reputation, you need to defend on all fronts.
Use the above and other strategies, methods, and tools for
ensuring that you maintain an effective defense against
cyber-attacks waged through email, mobile access points, social
platforms, and any other media.
As mentioned, botnets now account for a vast percentage of
cybercrime. Using the approaches discussed above can go far in
helping construct a fortified cybersecurity framework that can be
scaled for any network budget and size.
References
- ^
threats to cybersecurity
(www.fcc.gov) - ^
VPN kill switch
(surfshark.com) - ^
botnets
(www.us-cert.gov) - ^
access computers
(www.us-cert.gov) - ^
BEC scam incidents
(thehackernews.com) - ^
using strong passwords
(thehackernews.com) - ^
Botnet malware
(thehackernews.com) - ^
network monitoring
(transition.fcc.gov) - ^
DNS servers
(thehackernews.com)
Read more http://feedproxy.google.com/~r/TheHackersNews/~3/aF-sRUU0wz0/botnet-malware-attacks.html