Botnets Exposed: Stopping Next-Generation Attacks
Combating today's new threats requires a combination of network defense technologies and Global Threat Intelligence
Abstract
The increasing sophistication and dynamism of multi-vectored network attacks, including use of botnets to deliver threats deep inside the enterprise, requires rethinking network security. In light of this sophistication and the corresponding multi-pronged attacks, traditional exploit-based solutions fail to be effective countermeasures to secure the network. Network and security architects need to consider a new approach that combines some traditional network defense technologies with a new concept, that of Global Threat Intelligence, in order to map to the anatomy of these threats - including the vulnerability, exploit, and threat vector - in order to stop them.
Cyber-crime today is essentially an international business run by increasingly sophisticated groups of well-organized criminals using botnets to deliver their attacks.
Many of us probably know that those interested in committing data theft, distributing spam, or disrupting a Web site's operations can easily rent armies of previously infected botnet computers or find online crimeware toolkits (both freely available and for sale) to create their own.
To put the use of botnets into perspective, consider that cyber-crime follows the same supply and demand laws of any business. Because of their growing use, the cost of renting out 10,000 botnet machines has tumbled to $200 a day, from between $2,000 and $5,000, according to an August 2009 BusinessWeek article.[1]
What is truly stunning is the sheer sophistication, volume, and frequency of the crimes committed using botnets. And to mask criminal activities, groups are hiring money-mules to steal funds out of stolen bank accounts.
For example, in October 2009, the FBI arrested 53 individuals in the U.S. and sought to arrest 47 people from Egypt engaged in online bank fraud that had netted at least $2 million from individual and business bank accounts.[2] To carry out the thefts, the Egyptian group coordinated a massive phishing campaign that lured users to fake Web sites made to look identical to the real banking sites. There, the users were asked to enter personal information like their bank account numbers, passwords, Social Security numbers, and drivers' license numbers. The U.S. group transferred funds into their own accounts and remitted some monies back to their accomplices in Egypt.
[1] "Computer Hacking Made Easy," BusinessWeek, August 13, 2009, http://www.businessweek.com/magazine/content/09_34/b4144036807250.htm?chan=technology_Sponsored by technology+index+page_best+of+the+magazine
[2] "F.B.I. Indicts Dozens in Online Bank Fraud," The New York Times, October 7, 2009, http://www.nytimes.com/2009/10/08/technology/internet/08phish.html?_r=2&hpw
Such collaborative efforts are becoming more common. In August 2009, the banking industry group Financial Services Information Sharing and Analysis Center (FS/ISAC) issued an alert noting that "Eastern European organized crime groups are believed to be predominantly responsible for the activities that are employing witting and unwitting accomplices in the U.S. to receive cash and forward payments - from thousands to millions of dollars to overseas locations - via popular money and wire transfer services."
Such groups rely on phishing, new malware, and poisoned Web sites to infect more and more computers, which are often joined into centrally controlled botnets. And they have stepped up their efforts in the last six to 12 months.[3]
[Figure not reproduced. Source: Shadowserver Foundation]
Compounding these problems, criminals also are bolstering their malicious efforts on other fronts. For example, Web malware on both legitimate and malicious Web sites continues to exploit browsers. In the first half of 2009, 61 percent of the Web's top 100 sites delivered something malicious to visitors because a hacker broke in and planted something nefarious, according to a September 2009 Wall Street Journal article.[4]
Spam and phishing activities that help lure people to poisoned sites are on the rise as well. Many of the sites are poised to install password-stealing Trojans. And increasingly, these spam and phishing efforts are tied to newsy topics that garner a high level of user interest and discussion. Most recently, ne...