Distributed denial-of-service (DDoS) attacks are all too commonly thought of as “someone else’s” problem, but botnets are all too easily formed.
Speaking to Infosecurity, ESET security specialist Mark James said that a “requirement to get everything connected where everything has to be available and inter-connected wherever we are in the world” has led to cheap devices getting connected to the internet, which are all too easily infected and enslaved into botnets.
“We as humans like to save money and you look at a piece of technology and see something from a mainstream provider, and we find an alternative from another country at a fraction of the cost, but few people consider the security of the device,” he said.
“The other big problem is that we accept that phones, laptops and desktops need protection, but when people buy a TV they ask for the latest technology and if they can connect it to the internet. There is no security for our devices, no anti-virus for our TV and CCTV cameras connected to the internet.”
Speaking on “The All Encompassing World of Botnets” at Infosecurity Europe, James said that many connected systems are no different to a laptop as they have an operating system and a gateway to the rest of the world.
He said that botnets are often used for spreading malware or in DDoS attacks, and that when someone suffers a DDoS it is always perceived as someone else’s problem, but it does affect you, "as for a DDoS attack to be effective it needs to have a large amount of devices to work."
“They could potentially be your devices – they utilize your bandwidth, they are on your network, on your hardware.”
In the case of the Mirai botnet, James added that devices were all too easily compromised because users had not changed default passwords, and the ‘botmaster’ sent the DDoS request.
A botnet is limited by the ‘zombie’ devices it has under its control, and James explained that while a CCTV camera doesn’t have any authority on the network and is limited in what it can do, it can ask for information.
“However, what we are now seeing is multiple command and control (C&C) servers where there is a back-up C&C server to speak to and we will see this more and more,” he said. “The people writing this software are very intelligent people and will learn and adapt no differently from the security companies as programmers are people, and are good at what they do.”