Botnets 'the Swiss Army knife of attack tools'
Hacker militias can turn to botnets for instant cyberattacks
Computerworld - Hacker militias reach for the closest tool at hand -- botnets already up and running, already reaping ill-gotten gains -- when they mobilize to attack the information infrastructure of other countries, security experts say.
"They just pick up what they use every day," said Joe Stewart, director of malware analysis at SecureWorks Inc. and a noted botnet researcher. "[Militias] don't have much time to ramp up, just days, so it has to be something already in use."
Although militias may be at the bottom of the cyberwar food chain, that doesn't mean they haven't caused chaos. Researchers believe that in 2008, Russian hackers marshaled a force of previously compromised computers -- one or more botnets -- to carry out distributed denial-of-service attacks (DDoS) that knocked offline many of the Web sites in the former Soviet republic of Georgia. At the time, military forces from Georgia and Russia were fighting over disputed territory.
DDoS attacks flood sites with so many spurious requests that the sites' servers are overwhelmed and can't handle legitimate requests, are knocked offline, or are taken offline by the hosting firm or Internet provider.
According to Stewart and other researchers, one of the botnets drafted for the brief cyberskirmish was Black Energy, a Trojan horse-hijacked army of PCs thought to have been used to hit Citibank last year. Since then, Stewart has identified its successor, Black Energy 2, which he said is currently being used to launch DDoS attacks against Russian banks. Stewart speculated that the criminals behind Black Energy 2 attack the banks' Web sites to distract security teams as online accounts are pillaged, much like a criminal crew might stage a fire to distract police from a bank robbery across town.
Black Energy 2 could be the weapon Russian militias reach for next time.
"Botnets are the Swiss Army knife of attack tools," said Marc Fossi, manager of research and development for Symantec Corp.'s security response team. "Hackers use them to relay spam, for phishing and to post Web-based attacks or malcode. They're the engine that drives criminal activity on the Internet."
DDoS attacks are the "blunt end of what they can do," Fossi added.
- After Google-China dust-up, cyberwar emerges as a threat
- Targeted attacks test enterprise security controls
- Is the U.S. the nation most vulnerable to cyberattack?
- In cyberwar, who's in charge?
- Schmidt: Private sector key to stopping Google-style attacks
- Threat of cyberattacks from overseas high, federal IT execs say
- Estonia readies for the next cyberattack
- Think tank in Estonia ponders war in cyberspace
- Botnets 'the Swiss Army knife of attack tools'
- 'Cyber War' author: U.S. needs radical changes to protect against attacks
- Special report: Web giants attacked
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts