Can information sharing stop bots in their tracks?

Bots are a bigger security problem than we think. Those of us who work in security are not unaccustomed to running into bots on the networks we monitor; in Check Point's 2014 Annual Security Report, released last month, our research found that 49 percent of organizations had seven or more bot-infected hosts.

Malware exposure and infections increased across the board last year, reflecting the increasing success of targeted malware campaigns. In 2013, 73 percent of organizations had at least one bot detected, compared with 63 percent in 2012. Meanwhile, 16 percent of organizations had more than 35 infected hosts, and 77 percent of them had bots on their networks that were active for more than four weeks. But the truth is that we have seen situations that have been far worse: networks with literally thousands of bots running on them.

To an untrained eye, having a handful, let alone hundreds or thousands, of bots on your network might seem alarming. But not all bots are created equal in terms of their ability to disrupt an individual or organization. Some bots are no more than a nuisance, while others have the potential to wreak havoc on a network. What a bot does on your network really depends on the skill of the developer, the purpose of the bot and the ability of that bot to make it onto your network in the first place.

Bots have ranged in severity. A few examples (from bad to worse) are:

  • Adware-based bots: Those that drive up revenue for publishers by clicking on banner ads.
  • Zeus: A bot that looks to steal financial information, such as bank account information and social security numbers, from large organizations and individuals. Can be deployed as a prebuilt kit.
  • Stuxnet: The mother of all bots, programmed to stop the production of uranium at the Iranian nuclear power plant; it arguably set the country's nuclear ambitions back months, if not years. This is the extreme example of targeted malware, designed for a very focused purpose and leveraging attack vectors that are largely unknown.

So, where there's a will there's a way.

What's driving the proliferation of these bots? If ten thousand bots on a network is an indication of anything, it's that creating and distributing bots is easier than ever. Almost anyone can unleash a bot onto a network. How is that possible, you may ask? There's big business in selling bots to any Monday morning quarterback, and criminal elements are developing and selling bot kits, offering customization, 24-hour support and a rented command and control center to anyone with a credit card. The Zeus toolkit is a good example. Any individual who wants to deploy Zeus in an attempt to steal financial or personal information can try their hand at it by buying and downloading a toolkit online.

What can organizations do to protect their networks against these bots and their repercussions, big and small?

Aside from the traditional routes, which include network scanning and banning sites and applications that distribute these bots, technology and security professionals should be much more open to sharing information about these threats both inside the organization and with their peers.

There is a perception among security professionals that sharing information on attacks and threats is an admission of their failure to do what's needed to protect the network. However, bots are so prevalent due to the sheer fact that they make their authors so much money; there's no reason to believe that they will become less pervasive over time. When it comes to bots and other threats, information sharing is a critical weapon for the arsenal of security professionals.

The easiest way to start is to take advantage of threat feeds and contribute information about your own environment to them. Many organizations are hesitant to share information about their own environment, but distributors of this information have the technology in place to anonymize details in the effort to provide greater and more holistic intelligence to the larger community. The more people who share data, the better the data becomes.

Another way to share data, and this one is even more optimistic, is to do so once an attack has been identified and remediated. Sharing these details with the security community helps others understand potential attack vectors, as well as recovery options. We can, essentially, learn from past issues. It also serves to highlight the issue and to ensure others are taking real threats seriously.

As threats become even more prevalent and sophisticated, data sharing will become imperative. The data is only as good as our willingness to share. And, as hacking becomes big business, information sharing will become one of our best defenses against hackers.

Kellman Meghu is Head of Security Engineering (Canada and Central US) for Check Point Software Technologies Inc., and has spent the past 20 years deploying application protection and network-based security.
