Botnets: one of the biggest threats in cyberspace

(To Carlo Mauceli)
19/10/20

Cybersecurity is a shared responsibility, which affects us all. We must start from this assumption of responsibility to fully understand a phenomenon that undermines the society in which we live.

Every day, organizations divert valuable time and resources from their core business to defend against and remediate cyber attacks. However, by relying on dozens of complex, often disconnected tools, companies remain exposed, because cybercriminals can exploit these gaps.

In this scenario, security teams are engaged in an arduous struggle to respond adequately to the ever-changing nature of threats and to the profile of cybercriminals, while experienced security professionals remain scarce on the job market.

For this reason, it is increasingly necessary for companies operating in the field of cybersecurity to take on the task of making cyberspace safe, and the news a few days ago that Microsoft has dismantled a large operation, run by hacker groups, that could have influenced the US presidential elections in November should be read in this light.

The dismantled network was called Trickbot and it was a so-called "botnet", that is, a network of devices infected with malicious software which, in this case, had reached over a million devices. By spreading "ransomware", which locks a computer and demands a ransom, these networks can disrupt processes tied to the vote, such as electronic ballots or lookups of the electoral rolls, among other things.

Botnets have become one of the major threats to security systems today. They are increasingly used by cybercriminals because they allow them to infiltrate almost any device connected to the Internet, from a DVR player to corporate mainframes.

Many cybercriminals use botnets for cryptojacking, i.e. the illegal mining of cryptocurrencies on third-party computer systems. This is a growing trend: more and more computers will be infected with mining malware and more and more digital wallets will be stolen.

In addition to being dangerous tools of political persuasion and cryptojacking, botnets are a threat to businesses and consumers because they spread malware, attack websites, steal personal data and defraud advertisers. In short, botnets are clearly a big deal, but are we sure we know exactly what they are and how they work? And how do you protect your devices and personal data? The first thing to do is to understand how they are made. At that point, we can learn how to secure our devices.

Meaning of botnet

To better understand how a botnet works, let's try to define it. The term "botnet" is the fusion of the terms "robot" and "network". In general, botnets are just that: a network of robots used to commit cybercrime. The cybercriminals who control them are called botmasters or bot herders, a term that literally means "herdsmen" and underlines how the effectiveness of a botnet depends on its size.

Size of a botnet

To create a botnet, the botmaster needs to control thousands of infected, Internet-connected devices (bots). The size of a botnet depends directly on the number of connected bots. The bigger the botnet, the more damage it does.

Cybercriminals use botnets to obtain a disruptive and amplified effect. They order their army of infected bots to overload a website to the point where it stops working and visitors are denied access. Attacks of this type are called Distributed Denial of Service (DDoS) attacks.

Botnet infections

Normally, botnets are not created to damage a single computer, but to infect millions of devices, as in the March 2020 case of the "I miss you" botnet. Often, to enrol computers in a botnet, botmasters use Trojan-type viruses.

The strategy is this: the user unknowingly infects their system by opening a fraudulent attachment, clicking on a pop-up ad, or downloading infected software from an untrusted website. Once the device is infected, the botnet can view and modify the personal data on it, use the device to attack other computers and commit other computer crimes.

Some more complex botnets can even expand automatically, finding and infecting new devices without the direct intervention of the botmaster. The bots on these networks continually search for other Internet-connected devices to infect and target those with an outdated operating system or without antivirus software.

Botnets are difficult to detect: they use a negligible amount of computer resources so as not to interfere with the normal functioning of programs, and they arouse no suspicion in the user. More advanced botnets are also able to modify their behavior according to the security systems of the computers they run on in order to avoid detection. In most cases, users don't know that their devices are connected to a botnet and controlled by cybercriminals. Worst of all, botnets keep evolving, and new versions are increasingly difficult to detect.

Finally, botnets need time to grow. Many remain inactive until the number of connected bots is high enough. At that point, the botmaster activates them and commands all bots to carry out a DDoS attack or a mass delivery of spam.

Botnets can infect virtually any device connected to the Internet. PCs, laptops, mobile devices, DVRs, smartwatches, security cameras and even smart appliances can be incorporated into a botnet.

From this point of view, the development of the Internet of Things is a godsend for botmasters, who will have more and more opportunities to expand their botnets and cause even greater damage. Take Dyn, for example, the large Internet infrastructure company that suffered one of the worst large-scale DDoS attacks in 2016. On that occasion, a botnet made of security cameras and DVRs was used. The attack disrupted the Internet, rendering it unusable in large areas of the United States.
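A bot that stays quiet on the host still has to check in with its controller, and those check-ins tend to be far more regular than human browsing. The following detector, added here as an illustration and not taken from the article or from any product, scores each (client, destination) pair in a constructed proxy log by how evenly spaced its requests are and how little their size varies. The log format, hosts, addresses and thresholds are all assumptions made for the example.

```python
"""Flag regularly spaced check-ins ("beaconing") in a constructed proxy log.
Added example: the log lines, field layout and thresholds are invented for
illustration and are not from the article."""
from collections import defaultdict
from datetime import datetime
import statistics

# Constructed sample log: "<ISO timestamp> <client host> <destination> <bytes sent>".
# ws-17 contacts 203.0.113.10 every ~5 minutes with near-identical tiny requests
# (bot-like), and news.example.org at irregular times with varied sizes (human-like).
SAMPLE_LOG = """\
2020-10-19T08:00:00 ws-17 203.0.113.10 312
2020-10-19T08:05:01 ws-17 203.0.113.10 310
2020-10-19T08:09:59 ws-17 203.0.113.10 315
2020-10-19T08:15:00 ws-17 203.0.113.10 311
2020-10-19T08:20:02 ws-17 203.0.113.10 313
2020-10-19T08:24:58 ws-17 203.0.113.10 309
2020-10-19T08:00:12 ws-17 news.example.org 48213
2020-10-19T08:03:40 ws-17 news.example.org 9120
2020-10-19T08:21:07 ws-17 news.example.org 77310
2020-10-19T08:47:55 ws-17 news.example.org 12033
2020-10-19T09:30:02 ws-17 news.example.org 55001
2020-10-19T10:02:19 ws-17 news.example.org 8012
"""


def parse_log(text):
    """Parse log lines into (timestamp, client, destination, bytes); skip malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            size = int(parts[3])
        except ValueError:
            continue
        records.append((ts, parts[1], parts[2], size))
    return records


def beacon_candidates(records, min_events=5, max_cv=0.05, max_size_spread=0.2):
    """Return {(client, destination): median interval in seconds} for pairs whose
    requests are evenly spaced (low coefficient of variation of the gaps) and whose
    request sizes barely vary. Thresholds are assumed values for the example."""
    by_pair = defaultdict(list)
    for ts, client, dest, size in records:
        by_pair[(client, dest)].append((ts, size))

    flagged = {}
    for pair, events in by_pair.items():
        if len(events) < min_events:
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean_gap  # jitter relative to the period
        sizes = [s for _, s in events]
        size_spread = (max(sizes) - min(sizes)) / statistics.mean(sizes)
        if cv <= max_cv and size_spread <= max_size_spread:
            flagged[pair] = statistics.median(gaps)
    return flagged


if __name__ == "__main__":
    for (client, dest), period in beacon_candidates(parse_log(SAMPLE_LOG)).items():
        print(f"{client} -> {dest}: check-in every ~{period:.0f}s")
```

Only the 203.0.113.10 pair is reported (period about 301 seconds); the news site fails both the regularity and the size test. In practice a detector like this needs an allow-list for legitimate periodic traffic (update checks, telemetry, monitoring agents), which beacons just as regularly.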

Botnet on the web

One of the most controversial aspects of the Web is that it makes any resource available to everyone, even illegal ones. In fact, hackers don't even need to know how to create a botnet. On the Internet you can buy them or even rent them! After infecting and absorbing thousands of devices, botmasters look for other cybercriminals who need a botnet. Thus, buyers can carry out other cyberattacks or steal personal data without being computer savvy.

The legislation on botnets and cybercrime is constantly evolving. Since botnets are becoming an increasingly serious threat to Internet infrastructures, telecommunications systems and even electrical distribution networks, sooner or later users will be required to ensure the safety of their devices. Cybersecurity regulations are likely to place more responsibility on users for crimes committed with their devices in the future.

Structure of botnets

Botnets can be designed in two ways, both intended to maximize the botmaster's control over the bots:

  • Client-server model. In this kind of botnet a server controls the data transmissions of each client, as in the classic structure of a network. The botmaster creates Command and Control (C&C) servers, which give instructions to each client device. This model is great for keeping control over the botnet, but it has several disadvantages: it is quite easy for law enforcement to locate the C&C server, and there is only one control center. Once the server is taken down, the botnet no longer exists.
  • Peer-to-peer. Instead of relying on a central C&C server, newer botnets rely on a peer-to-peer (P2P) structure. In a P2P botnet each infected device works as both client and server. Each bot has a list of other infected devices and contacts them when it needs to update or transmit information. P2P botnets are more difficult for law enforcement to dismantle because they lack a central origin.
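The difference between the two structures is easiest to see as a graph problem: how many bots can still reach one another after a single node is removed? The script below, an added example rather than anything from the article, builds a star-shaped client-server network and a randomly wired P2P network of the same size, deletes one node from each, and measures the largest group of bots that remains connected. Node names, sizes and the number of peers per bot are assumptions chosen for the example.

```python
"""Compare how a client-server and a P2P botnet topology survive losing one node.
Added example with invented node names and sizes; not from the article."""
from collections import deque
import random


def client_server_topology(n_bots):
    """Star graph: every bot talks only to the single C&C server node "c2"."""
    graph = {"c2": set()}
    for i in range(n_bots):
        bot = f"bot{i}"
        graph[bot] = {"c2"}
        graph["c2"].add(bot)
    return graph


def p2p_topology(n_bots, peers_per_bot=4, seed=1):
    """Each bot keeps a short list of other bots; links are symmetric. A seeded
    generator makes the wiring reproducible."""
    rng = random.Random(seed)
    bots = [f"bot{i}" for i in range(n_bots)]
    graph = {b: set() for b in bots}
    for b in bots:
        for peer in rng.sample([x for x in bots if x != b], peers_per_bot):
            graph[b].add(peer)
            graph[peer].add(b)
    return graph


def largest_component(graph, removed=()):
    """Nodes of the largest connected component once `removed` nodes are gone (BFS)."""
    alive = {n for n in graph if n not in removed}
    seen, best = set(), set()
    for start in alive:
        if start in seen:
            continue
        comp, queue = {start}, deque([start])
        seen.add(start)
        while queue:
            node = queue.popleft()
            for nb in graph[node]:
                if nb in alive and nb not in seen:
                    seen.add(nb)
                    comp.add(nb)
                    queue.append(nb)
        if len(comp) > len(best):
            best = comp
    return best


def bots_still_coordinated(graph, removed=()):
    """Fraction of bots sitting in the largest surviving component, i.e. bots that
    can still relay commands among themselves after the takedown."""
    n_bots = sum(1 for n in graph if n.startswith("bot"))
    survivors = sum(1 for n in largest_component(graph, removed) if n.startswith("bot"))
    return survivors / n_bots


if __name__ == "__main__":
    cs, p2p = client_server_topology(50), p2p_topology(50)
    print("client-server, C&C seized:", bots_still_coordinated(cs, removed={"c2"}))
    print("P2P, one bot seized:      ", bots_still_coordinated(p2p, removed={"bot0"}))
```

Seizing the single C&C node leaves every bot isolated (fraction 1/50), whereas removing any one bot from the P2P network barely dents it. This is why takedowns of P2P botnets rely on other measures, such as sinkholing or coordinated cleanup of the infected hosts, rather than on locating one server.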

Botnet Prevention

At this point it should be clear that preventing botnet infection requires a multi-pronged strategy, based mainly on safe-browsing rules and antivirus protection, the responsibility for which lies with the user. In particular, users must:

  • Keep the operating system updated
  • Not open email attachments from unknown or suspicious senders
  • Not download files from P2P and file-sharing networks
  • Not click suspicious links
  • Use antivirus and endpoint security software

What we can do as users allows us to limit the risk of becoming part of a botnet, but if we go back to where we started the article, it is clear that dismantling a botnet is not an action that can be carried out by a single company. It requires the collaboration of many actors and the intervention of the legal system. In this specific case, as in other cases in the recent past, Microsoft was authorized to proceed with the destruction of the network by the court of the Eastern District of Virginia.

The right technology and correct operations are not enough to guarantee the world the greatest possible security: it is necessary to strengthen the entire ecosystem, join the forces of the entire IT sector and collaborate directly with governments and democratic institutions. Microsoft has recently taken significant steps in this direction by collaborating with technology companies, policy makers and institutions critical to the democratic process to defend the mid-term elections. The "Defending Democracy" program aims to protect political campaigns from intrusion by cybercriminals, increase the security of the electoral process, defend against disinformation and bring greater transparency to online political advertising. Part of the program is the AccountGuard initiative, which provides state-of-the-art cyber protection at no additional cost to all candidates and campaign offices at the federal, state and local levels, as well as to other organizations that are critical to the democratic process. In its first month, over 30 organizations joined AccountGuard. The initiative, initially focused on the activities of the major national parties, has now been extended not only to the representative committees of the two main parties of the United States, but also to think tanks and high-profile campaigns.
