Prevent your network from being attacked by a Botnet

Prevent your network from being attacked by a Botnet

Not having enough network protection may allow your organisation’s devices to be part of the next cyberattack, according to Harish Chib, Vice President, Middle East and Africa, Sophos.

Botnets are large volumes of distributed networked computers and devices that have been taken over by a cybercriminal. Botnets, also referred to as bots, are usually taken over by malicious software to enable remote control by a threat actor. They are set up and developed by a hacker to provide a powerful and dark, cloud computing network to conduct cyberattacks of a criminal nature.

The growth in mobile and network devices has created large scale social and productivity benefits for us. We can now remotely access computers, security systems, cameras, appliances, and a growing list of devices, interconnected with cloud. Collectively this is referred to as the Internet of Things or IoT.

A worrying aspect of the growth of Internet-connected devices is the absence of basic security precautions. Most end users rarely change factory defaults, which can be exploited by hackers to take control of the devices. Another door for cybercriminals to take control of connected devices is called the back-door entry. This is a manufacturer’s access to the device through an undisclosed connection, used for remote testing and updates.

This large distributed, network of computers, under the control of threat actors, represents an aggregation of computing power that can be used for a devastating effect.

Inside the network

Malicious software designed to exploit IoT devices are usually not sophisticated. They operate by scanning network ports, looking for access opportunities, and gaining access through default credentials, or brute-force hacking to gain access. This software is much easier to defend against, as it merely requires configuring the network firewall protection devices.

Like other malware, botnets can enter an organisation through multiple points of entry. This includes email attachments, hacked web sites, connected sensors and other IoT devices, and USB sticks.

Once a malicious software has entered an organisation, it will call home – the hackers command and control server – to register its success in gaining entry and to request further instructions. It may be told to lie low and wait or be instructed to move laterally on the network to infect other devices, or to participate in an attack. This attempt by the malicious software to call-home represents an opportunity to detect infected systems on the network that are becoming part of a botnet.

Once an attack has got underway, it can be difficult to detect. From a network traffic point of view, the device will simply be sending emails out as spam, transferring data or mining bitcoins, or performing DNS lookups and a variety of other requests, usually seen in large scale attacks. In isolation, none of these types of activities are noteworthy.

Building protection

The most important ingredient for effective protection from botnets is the organisation’s network firewall. The following can help to get best protection from the firewall.

  • Advanced Threat Protection can identify botnets already operating on the network. Ensure the firewall has malicious traffic detection, botnet detection, and command and control, call-home traffic detection
  • Intrusion prevention can detect hackers attempting to penetrate and take over the network. Ensure the firewall has next-gen intrusion prevention system that can identify attack patterns inside the network
  • Sandboxing can pick up the latest malicious software before it reaches the organisation’s computers. Ensure the organisation firewall offers advanced sandboxing that can identify suspicious web or email files and activate them in a safe environment
  • Effective web and email protection can prevent malware from getting onto the network. Ensure the firewall has behavioural-based web protection that can simulate JavaScript code in web content to determine behaviour before it reaches the browser
  • Ensure the firewall has top-shelf anti-spam and antivirus technology to detect malware in email attachments
  • Web Application Firewall can protect servers, devices and business applications from being hacked. Ensure the firewall offers WAF protection for any system that requires remote access

Best-practices

  • Change the password for all your network devices to a unique complex password and use a password manager if necessary
  • Minimise use of IoT devices and update all essential connected devices. Also disconnect unnecessary devices from the network and upgrade older devices to newer models
  • Avoid using IoT devices that require ports to opened in the network firewall or router to provide remote access. Instead, use cloud-based devices that connect only to the cloud provider’s servers and do not offer direct remote access
  • Do not enable UPnP on your firewall or router. This protocol enables devices to open ports on the firewall on demand without your knowledge increasing the surface area of attack
  • Use secure VPN technologies to manage your connected devices remotely

Botnets have a massive slowdown effect on the global Internet traffic. They can also have a devastating impact on an organisation, if the objective of the attack is to steal sensitive information. Even if the botnet operating on the organisation’s network is not after its data, it could be using devices and network resources to cause devastating harm to another organisation.

Do not let your network become part of the next global botnet attack.

Browse our latest issue

Intelligent CIO Africa

View Magazine Archive