Tuesday, November 23, 2010

The Botnet Threat

The challenge for CIOs and law enforcement is countering a very sophisticated threat that is entering a hyper-growth stage. With increased revenue comes increased investment in new tools and better techniques. This blended threat cycle feeds on itself and is growing bigger every day.

One of the main challenges for CIOs is recognizing that there is a problem. Unlike standard spyware or adware, a bot infection can install kernel-level rootkits that modify many of the tools and libraries on which all programs on the system depend, allowing the bot to hide from standard anti-virus, intrusion detection, or anti-spyware applications. CIOs generally become aware of botnet infiltrations through end-user complaints about performance issues, third-party reports of attacks originating from their IP space, victims' reports of DDoS floods, detection of excessive inbound or outbound port scanning, or unusual traffic patterns on the network. In other words, most of the time it is difficult to know whether a bot or bots have infected the network until it is too late.
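Of the signals listed above, excessive outbound port scanning can be checked from flow records collected at the network edge, which still works when a rootkit has subverted the tools on the host. The sketch below is an added example, not part of the original post; the record format, thresholds, address ranges, and sample data are all constructed assumptions.

```python
"""Flag internal hosts whose outbound fan-out looks like port scanning, using
flow records collected at the network edge rather than on the host itself."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the organisation's address space
FANOUT_THRESHOLD = 20                # assumption: distinct (dst, port) pairs per window
FAILED_RATIO = 0.8                   # assumption: share of attempts that got no reply


def parse_flow(line):
    """Parse a constructed 'ts src dst dport state' record; None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (float(parts[0]), ip_address(parts[1]), ip_address(parts[2]),
                int(parts[3]), parts[4])
    except ValueError:
        return None


def find_scanners(lines, window=60.0):
    """Return {src: (distinct_targets, failed_ratio)} for the worst window per host."""
    buckets = defaultdict(lambda: {"targets": set(), "total": 0, "failed": 0})
    for flow in filter(None, map(parse_flow, lines)):
        ts, src, dst, dport, state = flow
        if src not in INTERNAL or dst in INTERNAL:
            continue  # keep only outbound flows from internal hosts
        b = buckets[(str(src), int(ts // window))]
        b["targets"].add((dst, dport))
        b["total"] += 1
        b["failed"] += state in ("SYN_ONLY", "RST")
    hits = {}
    for (src, _), b in buckets.items():
        fanout, ratio = len(b["targets"]), b["failed"] / b["total"]
        if fanout >= FANOUT_THRESHOLD and ratio >= FAILED_RATIO:
            hits[src] = max(hits.get(src, (0, 0.0)), (fanout, round(ratio, 2)))
    return hits


# Constructed sample: 10.1.2.3 probes 30 external addresses on port 445 within one
# minute and gets no replies; 10.1.2.9 makes a few ordinary HTTPS connections.
SAMPLE = [f"{1200 + i} 10.1.2.3 203.0.113.{i + 1} 445 SYN_ONLY" for i in range(30)]
SAMPLE += [f"{1205 + i} 10.1.2.9 198.51.100.{i + 1} 443 ESTABLISHED" for i in range(5)]
SAMPLE.append("not a flow record")  # malformed input is skipped

if __name__ == "__main__":
    print(find_scanners(SAMPLE))
```

Requiring both a high fan-out and a high share of unanswered attempts keeps busy but legitimate clients, such as proxies or crawlers, from being flagged on volume alone.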

As the black market for malicious code and stolen information grows, botnets are quickly becoming the tool of choice for those with malicious intent. Like mainstream service providers, botnets will evolve to reflect the demands of the market. They will add features over time to spread more quickly, harvest more specific information, and perpetrate DDoS attacks more efficiently. CIOs can expect to see security vendors roll out new approaches to combat the threat. In the meantime, it is important that they stay vigilant to protect individuals, intellectual property, and their organization's critical infrastructure.
