More companies are making remote work a permanent status. With the initial push to remote work necessitated by COVID-19 and then prolonged by homeschooling, the following companies are now reducing office space and sending staff home: Google, Uber, Twitter, Mastercard, Nationwide, REI, Zillow, and Reuters. With each corporate announcement of permanent “work from home” status, cyber criminals participating in the rise of Botnet attacks see potential to grow their armies of zombie computers.
According to Michigan-based Nuspire’s Threat Report, the second quarter of 2020 revealed a 29% increase in botnet attacks, for a total of 1,620,910 attacks and 46 new botnets detected.
A hybrid of the terms “robot” and “network,” botnets are networks of hijacked computer devices that conduct cyberattacks to gain control of other devices, steal information, or execute denial of service attacks. If successfully acquired as a botnet, a device is controlled by the initial hijacker and will execute its commands along with an army of others like it. Hackers accumulate botnets to automate and increase attacks without having to purchase additional devices.
Candidates for botnets are any kind of internet-connected device or IoT, including mobile phones, tablets, Smart TVs, and medical devices – not just computers. Often through phishing or malware-laced applications, hackers take control of the devices to enable them to take advantage of other devices through known vulnerabilities in websites and software. The newly controlled botnet then sends emails to other devices, using the new IP addresses to evade security software, prompting the recipient to open attachments or visit websites that automatically download malicious payloads. Once the next device owner falls victim, his/her device becomes the next botnet in the hacker’s army.
Remote work increases vulnerabilities for botnet exploiters as information security personnel rarely make home visits to check internet-connections, mobile devices for prohibited apps, search memory and systems for malware, and search browser history for deceptive websites. Absent configuring individual workstations to avoid operating on administrator credentials, each announcement of remote work by companies gives Botnet controllers a new pond in which to fish. Basic searches on LinkedIn, Facebook, Instagram, and Twitter reveal the names, locations, and interests of the employees likely to be working from home.
The best ways to fight botnet attacks:
Firewall protection – invest in a quality firewall that detects malicious traffic.
Avoid End of Life (“EOL”) Products – research and ensure software products used by your entity are not at EOL and are consistently patched. For example, Adobe announced in 2017 that Flash Player would reach EOL on 31 December 2020. A best practice is determining which/how many machines are using and relying on flash player and consider replacement programs. If flash player is required for commonly frequented websites, alert the operators.
Penetration Testing – hire a red team to identify network vulnerabilities before committing to remote work to help the CISO/CSO determine the best plan to ensure network security on remote endpoints.
Educate the workforce – Advise them of common phishing tactics and ensure they change their access credentials regularly.
Botnet attacks are extremely difficult to prevent and more difficult to control. Unless a business plans to reduce all operations to snail mail and written records, prepare to defend against them in the coming months.