Effectively Combatting Bots in 2017

Nick Deshpande
Jan 17, 2017

2017 marks the 10-year anniversary of Cisco’s declaration that “botnets are the primary security threat on the Internet today.” At the time, it was consumers’ access to broadband connections that gave botnets the ability to launch distributed denial of service (DDoS) attacks; today, unsecured Internet of Things (IoT) devices on even higher-speed networks are (for now) the culprit. Despite advances in preventive and detective controls, bots remain a formidable and ever-increasing threat to the integrity of business applications and information.

As 2016 came to a close, we learned from White Ops of the financial losses suffered by advertising agencies at the hands of ‘Methbot’, a sophisticated bot farm developed to “masquerade as engaged human consumers” using a custom browser to generate impressions on ad content. While the extent of losses has been disputed (Nolet, O’Kelley), click fraud remains a profitable (albeit unethical) enterprise.

Not only were the Mirai (September) and Leet (December) botnets stark reminders of the work ahead to properly secure IoT devices, they also established a whole new scale for botnet-driven DDoS attacks. The highly publicized attack on Dyn, a leading DNS provider to many large organizations and some of the best-known brands, was perpetrated by Mirai-infected hosts and led to downtime or lag for many popular sites, such as Netflix, CNN, and Twitter. In 2017, we expect disruptive attacks of similar or larger size until concerted efforts are made to secure devices out of the box or automatically manage such traffic further upstream. With the Mirai source code available in the wild, it is likely a matter of time before more bad actors use it to make new legions out of the thousands of IoT devices shipped daily. Businesses cannot afford to wait for the problem to be fixed by others: in 2017, we are likely to see the accelerated industrialization of crimeware-as-a-service, to include all manner of bots.

…Continue reading on the Zenedge blog!

If you’re at RSA, stop by our booth (N4701). I’d love to chat in person.
