A computing cloud is a large collection of computers or processors, memory, storage space, applications and other computing resources connected to the web. These resources, available simultaneously to millions of customers, can be housed anywhere in the world, and the business benefits are being recognized by many.
Cybercriminals, however, control some of the most formidable cloud computing platforms in existence today. These “dark” for-profit cloud computing networks, known as botnets, can run millions of infected computers that spread malware. Undetected, botnets can steal enough computing power to bring down entire networks and businesses. Without preventive detection on networks, organizations continually run the risk of infection.
Tempting Targets
Cybercriminals, and the botnets they control, seek out the security vulnerabilities in computers to capture these abundant resources for their own profit. Botnets operate stealthily to infect computers with a virus without any immediate or noticeable damage. The silent attack turns the computer into a bot, or a ‘zombie slave’, which takes commands from an unknown central ‘master’.
Once a computer is compromised, the virus will seek to silently infect and copy itself onto other machines as well, growing the scope and power of the botnet.
Strength in Numbers
A botnet operates with sheer scale and brute force, controlling millions of computer processors, countless gigabytes of storage and memory, and enough combined bandwidth to overwhelm the largest multi-gigabit commercial internet connections.
Botnets don’t target and infect computers at specific businesses in order to recruit them into the botnet. Instead, they spread by systematically working through a list of IP addresses, or by dynamically scanning the machines and network space around them, looking for specific vulnerabilities. For example, a bot might find a computer it can infect through an unpatched Windows vulnerability. It then moves on, sifting through the entire network while probing other machines for vulnerabilities. At the same time, the newly infected machine becomes a functional bot capable of infecting other computers on the network, which may belong to other businesses or customers.
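As an added example (not part of the original article), the following Python script shows how the probing behaviour described above can be spotted in connection logs: one internal source touching many distinct hosts on the same port within a short window. The log format, the threshold and the sample lines are constructed assumptions, not Sophos tooling.

```python
"""Flag internal hosts that probe many neighbours on one port in a short window.

Added example: a bot that sifts through the network probing other machines
shows up in firewall/flow logs as one source reaching many distinct
destinations on the same port within seconds. Log format and threshold
are assumptions for illustration only.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, "timestamp src dst dport action".
# 10.0.0.7 sweeps the subnet on port 445 inside a few seconds.
SAMPLE_LOG = """\
2012-04-20T09:00:01 10.0.0.5 10.0.0.20 443 ALLOW
2012-04-20T09:00:02 10.0.0.7 10.0.0.10 445 DENY
2012-04-20T09:00:02 10.0.0.7 10.0.0.11 445 DENY
2012-04-20T09:00:03 10.0.0.7 10.0.0.12 445 DENY
2012-04-20T09:00:03 10.0.0.7 10.0.0.13 445 ALLOW
2012-04-20T09:00:04 10.0.0.7 10.0.0.14 445 DENY
2012-04-20T09:00:05 10.0.0.7 10.0.0.15 445 DENY
2012-04-20T09:00:40 10.0.0.5 10.0.0.21 443 ALLOW
2012-04-20T09:10:00 10.0.0.9 10.0.0.30 445 ALLOW
"""

def parse(log_text):
    """Yield (time, src, dst, dport) tuples; malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, dport, _action = parts  # denied and allowed both count
        yield datetime.fromisoformat(ts), src, dst, int(dport)

def find_scanners(log_text, window=timedelta(seconds=60), min_targets=5):
    """Return {(src, dport): distinct_hosts} for every source that reached at
    least `min_targets` distinct hosts on one port inside some `window`."""
    events = sorted(parse(log_text))
    hits = {}
    for src, dport in {(s, p) for _, s, _, p in events}:
        own = [(t, d) for t, s, d, p in events if s == src and p == dport]
        for i, (t0, _) in enumerate(own):          # slide the window start
            seen = {d for t, d in own[i:] if t - t0 <= window}
            if len(seen) >= min_targets:
                hits[(src, dport)] = max(hits.get((src, dport), 0), len(seen))
    return hits

if __name__ == "__main__":
    for (src, port), n in find_scanners(SAMPLE_LOG).items():
        print(f"possible scan: {src} touched {n} hosts on port {port}")
```

Tune `window` and `min_targets` to the network's normal east-west traffic, since backup servers and monitoring hosts legitimately contact many peers.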
Who Benefits from Botnets?
Botnets spread for the purpose of giving the botnet owners massive dark cloud computing power that they can use to conduct highly profitable cybercrime. Botnet owners may rent out their army of infected machines to criminal enterprises for a variety of uses.
For example, a spam operation might use a botnet to blast out millions of messages, or unscrupulous businesses could use a botnet to knock down a competitor’s website with a denial of service (DoS) attack. Botnets can also be used to crack open password-protected or encrypted information, using the combined resources of the botnet to conduct ‘brute force’ attacks – trying thousands of combinations of passwords to gain access to a protected network or encrypted database.
This kind of activity is not only highly profitable, but it also fuels development for ever-more capable botnets. Designers increase the sophistication of their bot programs by analyzing the security industry’s response to their previous efforts, so they can make updates accordingly.
The Consequences
Botnet infection has both immediate and potentially long-term consequences, including risk of complete network failure. As well as this burden on IT departments, long-term consequences can impact a company’s reputation. Furthermore, customers, partners and other key stakeholders could be infected by their trusted business partner.
The Best Defense
Businesses can protect themselves against attack with the right solutions and a few simple best practices:
- Ensure operating systems and their programs are patched and protected
- Utilize an effective network gateway defense solution to prevent bots from entering computers
- Regularly test the network perimeters of all workstations and servers
If businesses are infected, they should avoid spending money on researching the culprits behind the attack, but instead should invest in better securing resources to prevent the next round of assaults. That way, networks can be shielded from threats and attacks, leaving organizations free to conduct business with confidence.
Sophos is exhibiting at Infosecurity Europe 2012, the No. 1 industry event in Europe held on 24–26 April 2012 at Earl’s Court, London. The event provides an unrivalled free education program, exhibitors showcasing new and emerging technologies, and offers practical and professional expertise. Visit the Infosecurity Europe website for further information.
Angelo Comazzetto is the senior product manager for Sophos UTM. In this role, he is responsible for steering product development and the creation of customer support materials. Since joining Astaro in 2003, he has also educated partners on how to best deploy Astaro products for their customers. Comazzetto has over 10 years of experience in the network security industry and enjoys discussing security trends. A native of west coast Canada, Angelo has two Bachelor of Science degrees, in business information systems and business management.