Opinion: Fighting the botnet threat

As organised criminals and state sponsored spies understand, the use of third party infected machines is cheap and relatively risk free.

ISPs in Australia have for some time been notifying users about the likelihood that their computers have been compromised by malware.

Now, under the icode, that process has been formalised. Education and remediation tools are being made available to suspected victims. The scheme even allows for home visits by accredited teams to clean infected machines and perform security upgrades. This recognises that the most vulnerable users, the ones most likely to be part of a zombie botnet, are also the ones least likely to have the skills to fix an offending machine. Why are ISPs cooperating? Because they understand that an infected computer is a threat not only to the individual user, but to everyone else on the network – and to the network itself.

That the recent high-profile hacking efforts of LulzSec and Anonymous used botnets as their weapon of choice is not surprising. As organised criminals and state-sponsored spies understand, the use of third-party infected machines is cheap and relatively risk free. Botnet attacks are hard to detect and harder still to mitigate; the CIO/CSO knows it’s going to be a bad day when the monitoring system signals a major outage and the company website goes down.

There are various points along the attack continuum. At one end is full-on cyberwar. As more and more of our critical services are connected to the open Net, we expose ourselves to doomsday scenarios of traffic gridlock, frozen banking systems, power outages and civil unrest, the stuff of Hollywood cyberdrama. Though we are yet to see this unfold in all its glory, former Bush advisor Richard Clarke, in his book Cyberwar, claims some 34 nations now have advanced cyberoffensive capabilities. Now enter cyberterrorists, who don’t need to wait for an escalation in geopolitical tensions to make their run. Using the same tools as the hacktivist and the cyberwarrior, they no longer need to fly planes into buildings to make their point. Whether through war or terrorism, the prospect of a crippled economy is a risk most governments are taking very seriously.

At the other end of the spectrum lies the advanced persistent threat (APT). This relatively new term in the cyber lexicon signals a move from a world focused on preventing the bad guys getting into our systems to a world recognising they probably are already there. They got there using worms, viruses and spam, mainly spread by botnets. Now we just want to know and, if possible, control what they are doing with our information. The ‘low and slow’ activities of infiltrating foreign governments or organised criminals expose the victim to loss of business intelligence, loss of intellectual property or extortion. A new mindset must emerge – how to survive and continue business with compromised systems while we figure out how to reinvent a more secure internet. A lot of investment and R&D has gone into breaking security systems. Jefferson said ‘the price of freedom is eternal vigilance’. We might say that’s the price of being online.

Recently, the IIA held a cybersecurity forum where we invited a leading HIV/AIDS researcher to share his experiences. He vindicated our theory that we need to take an epidemiological approach to internet security. Part of the AIDS fight is about minimising the attack vectors – the unprotected individual engaging in high-risk activities. Isn’t that what we are dealing with here?

If we really want to counter the botnet threat we have to think globally. Australia’s scheme is attracting a lot of international attention. If we can get ISPs around the world to cooperate in identifying infected machines on their networks, a few things will start to happen. Firstly, networks will be safer. Secondly, users will be safer. Thirdly, economies will be safer.

Alone, it won’t solve all the problems. But targeting today’s weapon of choice is a goal worth pursuing – making it harder for the bad guys to do harm is something we all should support.

(As architect of the icode, Peter Coroneos recently ended a 13-year tenure as chief executive of Australia’s Internet Industry Association.)

More info: icode.net.au

About the Author:

Peter Coroneos has recently completed a 13-year term as chief executive of the Internet Industry Association, the national industry body for the Internet in Australia. In addition to his role as primary industry advocate, political strategist and spokesperson for the IIA, Peter drove the IIA's policy development work and instigated the formation of specialist taskforces to leverage member expertise in diverse legal, economic and technical areas.

Peter oversaw the development and implementation of industry codes of practice within the IIA, representing industry's proactive response to a range of challenging social policy areas within Australia, ranging from cybercrime to online privacy. In his role, Peter acted as industry representative on a number of high-level bodies and regularly appeared before House of Representatives and Senate inquiries to advise on the development of facilitative and workable rules for the internet and new media.

Recognised as an international expert in internet governance and joint industry-government co-operation, Peter has addressed audiences in the US, Europe, Asia and Africa.
