Hacking Power Squared – Scary Details on Big Botnet Takedowns Coming to Light
Massive financial fraud, data held for ransom and other sophisticated attacks are par for the course when it comes to giant botnets, and as details trickle in about some of the biggest botnet takedowns ever, US businesses had better take notice. GDF’s founder discusses some of these newest revelations and the importance for organizations to undergo regular in-depth testing and to have sound emergency response plans in place.
On Tuesday, June 3rd, Reuters published an article about details that have started to emerge on the takedown of the GameOver Zeus botnet, which infected up to a million machines and netted the group behind it over $100 million along the way. By coupling financial fraud malware with the data-hostage-taking CryptoLocker malware, which found great success last year, GameOver Zeus packed a powerful punch.
“The first priority of course is to prevent the initial infection when it comes to botnet attacks,” said Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier provider of cyber security solutions for businesses, “but with so many constantly evolving variables, no security is perfect. So the next best approach is to regularly test for the sophisticated malware which standard antimalware/antivirus solutions simply stand no chance against. To do that, it takes a very different arsenal of professional tools and the expertise and experience to wield them correctly. And in the event something nefarious manages to get through between testing cycles, which far too many companies don’t schedule often enough, then it all comes down to an effective emergency response plan which will quickly escalate the event so qualified responders can snap into action to identify the attack, stop it in its tracks, and best manage the aftermath, and by extension, both the costs financially and to an organization’s reputation and integrity.”
So what is a botnet?
“Put simply, a botnet is an army of compromised systems, called zombies, which can be controlled by an individual or group to carry out synchronized attacks. This not only makes it much more difficult to track down the culprits, but also amplifies the computing power at their disposal exponentially. So to add insult to injury, they are basically making accomplices of sometimes millions of users without their knowledge, as the malware that compromised each ‘zombie’ typically goes undetected because of its ability to fool the standard off-the-shelf security solutions that most users have in place as their only line of defense,” explains Caruso.
Seeing is believing? Not necessarily in the world of cyber crime.
The sophistication of botnet attacks can also be the stuff of nightmares, as detailed in an article published on June 4th in Gizmodo about information recently released on last year’s takedown of the Citadel botnet, which apparently was responsible for up to 98% of the online financial fraud in Australia before Microsoft’s Cyber Crime Center teamed up with authorities in multiple countries to bring it down. As if it wasn’t bad enough that the malware employed by Citadel was able to vacuum up credentials and account information when it recognized financial transaction pages, there was also an optional man-in-the-middle component that recorded balances and other account information and then served a spoofed page to the user, so everything looked in order while transactions were carried out in the background.
The art of deception
“Deception is always the name of the game,” said Caruso. “Whether it’s a phishing email that’s made to look like it’s coming from a recognized and trustworthy source, with links to a fabricated website which can look quite convincing, or the evasion techniques malware uses to circumvent standard antivirus and antimalware solutions, the goal is to make you trust your eyes at face value. But to survive and thrive in the cyber world today, you have to learn to instinctively look deeper. Our vulnerability assessments and penetration tests are designed to help clients raise that awareness enterprise-wide.”
Cyber attacks can happen to anyone; be prepared in advance.
According to Caruso, “It’s a harsh truth, but a truth nonetheless; outside of completely unplugging from the internet and relying on digital technology, there is simply no way to stay protected against every type of possible threat. Hackers don’t sit on their hands; they are always on the lookout for previously undiscovered vulnerabilities, known as zero-day attacks, and they are always changing, improving and refining their techniques. On the security side of the fence, it’s a daunting task to plug the millions of holes already out there and also have to be concerned with threats security professionals haven’t even thought of yet. On the other side of the fence, an attacker only needs to find one flaw, so obviously, they have the advantage. We help our clients stay as up-to-date as possible, but if the unthinkable does happen, we also have emergency responders on call 24/7 every day of the year, so we can jump right in and often start mitigating the attack immediately with remote technologies, or we can have boots on the ground within hours, not days, thanks to our network of responders strategically positioned across the country, if a physical presence is needed given the situation. We also help clients design and improve emergency incident escalation policies and procedures so everyone knows exactly what to do in the event of a cyber emergency like a data breach or intrusion. The end-effect cost of a successful attack is significantly reduced if the right steps are taken right out of the gate, but on the flipside, making the wrong moves early on their own with untrained in-house personnel can end up costing an organization everything.”
The right choice
Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.