A new report recommends best practices for services providers, enterprises, and software and device manufacturers to protect against botnets and other automated distributed attacks.
The Council to Secure the Digital Economy published the 2018 International Anti-Botnet Guide. The Council is a trade association with about 2,200 IT and communications member companies, and it is led by three other trade groups: USTelecom, the Information Technology Industry Council (ITI), and the Consumer Technology Association (CTA). Member companies and contributors to the report include Intel, Ericsson, Samsung, Oracle, Cisco, IBM, AT&T, CenturyLink, NTT, and Verizon.
Now that the anti-botnet guide is published, the member companies say they will engage with stakeholders, including governments in the U.S. and internationally, to promote the anti-botnet practices outlined in the report. Additionally, the Council plans to update and publish a new version of the guide each year.
Botnets, large networks of compromised devices under the control of malicious actors, can include computers, routers, mobile and other IoT devices, and essentially anything that connects to the internet. Threat actors may use these botnets for criminal purposes, like the so-called “3ve” ad fraud ring (responsible for more than $30 million in fraudulent ad revenue) that was busted earlier this week. Botnets may also be used for espionage and cyberattacks against nation states, like the NotPetya attack in Ukraine and the Russian interference in the 2016 U.S. elections.
Attacks include distributed denial of service (DDoS), ransomware, phishing, disinformation campaigns amplifying inauthentic social media, and other malicious acts.
Baseline and Advanced Anti-Botnet Practices
The guide offers specific solutions for governments and companies in the IoT sectors, internet service providers, content delivery networks (CDNs), data centers, software developers, device manufacturers and system installers to protect against the botnet threat and mitigate potential attacks. It gives both baseline practices as well as more advanced capabilities that organizations can use to secure their networks against distributed threats.
This is important because smaller network service providers probably don’t have the same capacity as a large provider to defend against attacks, said Kathryn Condello, senior director, National Security/Emergency Preparedness at CenturyLink, at a Thursday event in Washington, D.C. to launch the new report. She sat on a panel with executives from NTT, Ericsson, Samsung, Oracle, and Intel.
“Most of us up here are fairly large, but for many companies that are small, what’s important is that it talks about what are the baseline capabilities,” she said.
For example, the first step in mitigating botnets is to identify the assets that need to be defended and the attack surfaces that could expose these assets, the report says. Checking for known types of malware in regularly updated databases is a baseline detection practice. Meanwhile, companies with access to more resources may employ a dedicated staff of security researchers that can analyze anomalous behavior to detect malware and share these findings with other stakeholders.
Building Security Into Networks
“We have to work across sectors to leverage the power of the network that is being used against us right now,” he said. “The bad actors are using that trust in the network, the connectivity, the bandwidth that we’ve built to enable all these bad things and turn it around on us. We have to work together to use that same power of automation, artificial intelligence, and machine learning to use that power to drive security into the network and limit the ability of the attackers to do bad.”