How to Prevent a Zombie Apocalypse: 5 Deadly Cyberthreats Explained

botnet r31

7/17/2014

Full article:

http://intelligent-defense.softwareadvice.com/prevent-zombie-apocalypse-cyberthreats-explained-0714/

A common lament in IT security is that, in most organizations, there’s a huge language gap between business executives and security experts. Let’s face it: terms such as “bot,” “zombie,” and “threat vector” sound like something from a video game, not a board meeting.

So, even though a 2014 McAfee study estimated that the annual cost to the global economy of cybercrime could be as high as $575 billion, a recent SIM IT trends survey of 500 IT leaders in large organizations revealed that while security was the second-ranked concern of Chief Information Officers (CIOs), it ranked seventh for the businesses overall.

Here at Software Advice, we wondered: What if all this “nerd-speak” is part of the problem? If the boardroom understood these terms better, would they take all this stuff a little more seriously? To help, we asked IT security experts to bridge the communication gap with storytelling, analogies and examples of real-life consequences of five common cyberthreats.

But beware—these are no bedtime stories. If one of these threats struck your business, it could be the stuff of nightmares.

Threat #1: The Trojan

Threat #2: The Zombie

Threat #3: The Botnet

 

Jared Schemanski, security information and event management (SIEM) administrator for Nuspire Networks: The largest botnet known to exist was the BredoLabs botnet/Trojan, which had over 30 million computers in its zombie slave-bot network. The BredoLab botnet was used for mass email spamming, which is still the most widely used purpose for botnets. BredoLabs was sending as many as 3 billion junk and infected emails per month through its zombie network of bots.

If a business computer has been compromised and turned into a zombie bot, one result could be a lack of productivity from the user of the system—due to slowness not only of the computer itself, but of the Internet connection, as well. Farther-reaching effects would include a general network slowdown because the infected bot computer is performing tasks assigned by the hacker and owner of the bot network. Another repercussion could be the business getting blacklisted or shut down by their internet service provider (ISP) because of heavy network traffic.

Network administrators should keep an eye out for any system on the network that is using more bandwidth than other systems, and especially for a system that is “uploading” a lot of data, which could be a sign that the compromised system is a bot that is spreading spam out to the internet.

Threat #4: Spyware

Threat #5: Distributed Denial of Service (DDoS)

Schemanski: A DDoS attack uses hundreds or thousands of computers in the botnet to send data or requests to a website or network service, such as email, in a continuous loop. The objective of the attack is to overwhelm a system with activity until a particular service (i.e., email, point-of-sale system, company website etc.) either responds too slowly for use or crashes completely.

Many times, a company will be contacted by the hacker, demanding money in exchange for stopping the DDoS attack—and because the flood is coming from so many globally dispersed, individual systems, it’s not easy to stop the attack by blocking IP addresses from a certain region or country. Hackers in control of large botnets wield a lot of power in the hacking community. A persistent DDoS attack can even put a company out of business. The best defense for a DDoS attack is to have another set of servers—with a different IP address—to switch a website or service to.

A DDoS attack can happen to any type of business (i.e., retailer, franchise, corporation etc.), but a good example of this is a retail store that is attacked at the peak of the holiday season. The overwhelming activity forces a system shutdown, and the retailer loses the ability to use its computer systems. One of the more recent cases of a large DDoS attack was on the news-feed websiteFeedly, where the assault swarmed the website’s RSS (Rich Site Summary) provider to take over its server and, in turn, shut down the site.

These attacks don’t always result in the theft of information, but the downtime in a company’s system can result in lost revenue, a standstill in productivity and damage to customer loyalty. If the attack is personal, it can continue even after a website or service has moved to an alternate IP range. This has happened with some companies that ultimately went out of business because they were not able to stop the attack.

Conclusion

And so, as our experts have made clear, it’s a dangerous world out there on the Internet—where many villains are lurking in the shadows, and possibly even on your own computer. The good news is that although it may be impossible to guarantee safety, it is possible to greatly reduce the chances that you’ll fall victim to their nefarious schemes.

As Schemanksi points out, a little forethought and caution can go a long way: “The best defense is a good offense, and users need to be proactive in maintaining their security online. If you avoid untrusted software and layer your defenses well, you can mitigate the vast majority of threats out there. Learn the lessons of history, and don’t end up as a zombie fighting for the enemy.”

And look on the bright side: maintaining good cybersecurity is a lot less messy than shooting the actual undead in the head.

Jared Schemanski has been with Nuspire Networks since January 2012, where he serves as a security information and event management (SIEM) administrator on the security analytics team, specializing in research and development.