When bots go bad


Research groups predict that by year-end, around 8.4 billion devices will be connected to networks around the world. This number will increase exponentially in 2018, as the concept of the Internet of things (IoT) – the connection of all devices with an on/off switch to the Internet and/or each other – gains momentum.

The proliferation of new devices joining existing networks will expose ‘weak points’ in aging networks, which will be quickly exploited by armies of robotised malicious ‘botnets’.

Bots, also known as Web robots, are software applications designed to perform a range of repetitive tasks automatically over the Internet – tasks that would be too time-consuming or tedious for humans to undertake.

Able to work on a 24×7 basis without coffee breaks, sleep or days off, bots are often used by search engines to surf the Web and systematically retrieve and catalogue huge hauls of data from a vast number of Web sites.

They are also used by trading sites to search out the best bargains from tens of thousands of alternatives, and some media services employ them to deliver information ranging from weather conditions to currency exchange rates.

Jekyll and Hyde


However, in the same way as nuclear energy can be used for peaceful purposes as well as provide the basis for weapons of mass destruction, so bots are being used for malevolent purposes too.

Masterminded by their cyber-criminal creators, malicious bots are rapidly changing the threat landscape. They secretly take up carefully camouflaged, strategic positions on unprotected or vulnerable computers, quickly forming a covert army of connected, compromised networked devices repurposed as weapons.

This network of bots – a botnet – then uses its commandeered ‘weapons’ to carry out coordinated and devastating cyber crimes. These include mass spam deliveries that flood millions of inboxes in a matter of seconds, orchestrated ‘brute-force’ hacking attacks that crack passwords and other Internet security measures, distributed denial of service (DDoS) attacks, and identity theft from sensitive, private information culled from infected databases.
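The brute-force attacks described above look different from a single attacker's attempts: a botnet spreads the guesses for one account across many compromised hosts, so each source stays below the per-address lockout threshold that most systems apply. The following detection logic is an added example, not code from the original article; it runs over a handful of constructed, syslog-style SSH authentication lines (hypothetical hostnames and documentation-range addresses) and flags accounts being attacked from several distinct sources at once.

```python
import re
from collections import defaultdict

# Constructed sample auth log lines (hypothetical host "gw", documentation-range IPs).
# Five different addresses each fail once against "admin"; one address fails twice against "bob".
SAMPLE_LOG = """\
Jan 10 10:00:01 gw sshd[101]: Failed password for admin from 198.51.100.10 port 5001 ssh2
Jan 10 10:00:02 gw sshd[102]: Failed password for admin from 198.51.100.11 port 5002 ssh2
Jan 10 10:00:02 gw sshd[103]: Failed password for admin from 203.0.113.7 port 5003 ssh2
Jan 10 10:00:03 gw sshd[104]: Failed password for admin from 203.0.113.8 port 5004 ssh2
Jan 10 10:00:04 gw sshd[105]: Failed password for admin from 192.0.2.200 port 5005 ssh2
Jan 10 10:00:05 gw sshd[106]: Accepted password for alice from 192.0.2.5 port 5006 ssh2
Jan 10 10:00:06 gw sshd[107]: Failed password for bob from 192.0.2.5 port 5007 ssh2
Jan 10 10:00:07 gw sshd[108]: Failed password for bob from 192.0.2.5 port 5008 ssh2
"""

# OpenSSH failure line; "invalid user" appears when the account does not exist.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")


def failures_by_account(lines):
    """Map each targeted account to the set of distinct source addresses that failed against it."""
    sources = defaultdict(set)
    for line in lines:
        match = FAILED_RE.search(line)
        if match:
            account, source = match.groups()
            sources[account].add(source)
    return sources


def failures_by_source(lines):
    """Map each source address to its number of failed attempts (the classic per-IP view)."""
    counts = defaultdict(int)
    for line in lines:
        match = FAILED_RE.search(line)
        if match:
            counts[match.group(2)] += 1
    return dict(counts)


def detect_distributed_bruteforce(lines, min_sources=3):
    """Return accounts attacked from at least min_sources distinct addresses.

    A per-IP counter (failures_by_source) never trips here, because no single address
    exceeds a couple of failures; grouping by target account exposes the coordinated pattern.
    """
    return {
        account: sorted(srcs)
        for account, srcs in failures_by_account(lines).items()
        if len(srcs) >= min_sources
    }


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("per-source failures:", failures_by_source(lines))
    print("distributed brute force:", detect_distributed_bruteforce(lines))
```

The per-source view shows at most two failures from any address, which a typical lockout rule would ignore; grouping by target account reveals that "admin" is under attack from five addresses. In production the same grouping would be applied over a sliding time window rather than a whole file, and the threshold tuned to the number of legitimate locations a given account is used from.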

Capable of bringing the largest corporate network to its knees, botnets pose the most dangerous of all threats to users who connect to the Internet. Organised and orchestrated attacks are becoming commonplace and, looking to the future, will become more challenging as botnets morph into ever-more complex entities that are harder to detect and prevent.


With a nod to the fundamental belief of renowned theoretical physicist and cosmologist Stephen Hawking that robots, powered by artificial intelligence, could overtake humans within the next century, it is now recognised that malevolent bots have the capacity – with minimal human intervention – to recruit legions of fellow bots to their cause.

Researchers estimate more than a million organisations worldwide have already been infected by botnets or have been affected by various botnet-led attacks.

The Mirai botnet attacks in 2016 demonstrated what can happen when hackers deploy a bot army with enough capacity to seriously impact systems in a nation state (Liberia).

Yet, this kind of attack may no longer be characterised as a ‘worst case scenario’. The recent assaults on the Twitter and PlayStation networks highlight the potential for global chaos and expose the inability of many IT industry specialists to deal with botnet-inspired strikes at their most vulnerable computer infrastructures.

Devastating results

Unfortunately, while acknowledging the botnet threat, few network managers appear to comprehend the exceptionally high cost, in real, hard-cash terms and in reputational damage, that can be incurred should their systems be invaded.

Most are blasé when it comes to dealing with the threats. Their comments, which include “we have not been hit yet” or “our security systems have always taken care of viruses” are clear indicators that current best practices are not being followed.

Cyber security threat detection and prevention need exceptionally high levels of understanding and perception and – particularly in SA – these skills are few and far between.

The answer lies in user training, giving network managers insights into their systems’ ‘soft targets’ – such as the weaknesses associated with outdated systems – and the methods in which botnets can be delivered. These include Trojans found in questionable software, such as rogue anti-virus programs, or seemingly benign e-mail attachments.

Importantly, network managers and users should be aware that many of today’s IoT devices are designed with affordability and not security in mind. Disturbingly, many of these devices have back-door support or diagnostics access credentials that, left unchanged, enable devices to be exploited, even if their owners install next-generation firewalls and intrusion prevention systems.
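Because a perimeter firewall does not change the credential baked into a device, the practical check is an inventory audit: for every device, compare its current administrative credential against the manufacturer's known factory default and see whether any support or diagnostic service is reachable. The audit below is an added example, not code from the original article; the device models, default credentials, fleet records and the idea that a fleet-management tool records a SHA-256 of each device's "user:password" are all constructed assumptions for illustration.

```python
import hashlib
from dataclasses import dataclass, field


def cred_hash(user, password):
    """SHA-256 of "user:password", so the audit compares digests rather than clear-text secrets."""
    return hashlib.sha256(f"{user}:{password}".encode()).hexdigest()


# Constructed: factory-default admin credentials for hypothetical device models.
FACTORY_DEFAULTS = {
    "cam-model-a": cred_hash("admin", "admin"),
    "dvr-model-b": cred_hash("root", "12345"),
}

# Services that exist for vendor support or diagnostics and should never face the Internet.
DIAGNOSTIC_SERVICES = {"telnet", "debug-shell"}


@dataclass
class Device:
    name: str
    model: str
    cred_hash: str                          # digest of the current admin credential (assumed to be recorded by a fleet tool)
    open_services: list = field(default_factory=list)  # services reachable from outside the local network


def audit(devices):
    """Return [(device name, [issues])] for devices that still carry a factory default or expose diagnostics."""
    findings = []
    for device in devices:
        issues = []
        # A device whose current credential digest equals the factory default has never been changed.
        if FACTORY_DEFAULTS.get(device.model) == device.cred_hash:
            issues.append("factory-default admin credential unchanged")
        exposed = sorted(set(device.open_services) & DIAGNOSTIC_SERVICES)
        if exposed:
            issues.append("diagnostic access reachable: " + ", ".join(exposed))
        if issues:
            findings.append((device.name, issues))
    return findings


# Constructed sample fleet: two cameras and two recorders in various states.
SAMPLE_FLEET = [
    Device("lobby-cam", "cam-model-a", cred_hash("admin", "admin"), ["https"]),
    Device("dvr-1", "dvr-model-b", cred_hash("root", "c0rrect-h0rse"), ["telnet", "https"]),
    Device("dvr-2", "dvr-model-b", cred_hash("root", "12345"), ["telnet"]),
    Device("cam-2", "cam-model-a", cred_hash("admin", "s3cure-pass"), ["https"]),
]


if __name__ == "__main__":
    for name, issues in audit(SAMPLE_FLEET):
        print(f"{name}: {'; '.join(issues)}")
```

Only "cam-2" passes: it has a changed credential and exposes nothing but HTTPS. The firewall in front of "dvr-2" is irrelevant to its findings, since the defect is on the device itself; remediation is to change the credential and disable or firewall off the diagnostic service, then re-run the audit as part of routine inventory checks.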

SA is experiencing the calm before an extremely powerful storm. Network managers must realise that unless they take immediate remedial action to block botnet activity and employ mitigation solutions, they will become part of a rapidly growing problem that threatens the connected world.

Local infrastructures could be globally compromised, resulting in Web sites and Internet connections being black-listed by the international community. Undoubtedly, SA will not be spared the impact of the next global cyber hurricane.
