By Emad Fahmy, Systems Engineering Manager Middle East at NETSCOUT
With the world rapidly migrating to scalable online services for video streaming, gaming, and messaging, it is not surprising that malware has followed closely behind. Botnets, in particular, are emerging and expanding at such a rapid pace that it is more vital than ever for enterprises to proactively manage possible security threats from them.
Botnets are groups of malware-infected computing resources that can be used to attack any connected target system. The term “botnet” is a portmanteau of the words “robot” and “network.” They are a growing menace to every firm, enabling threats ranging from password theft and unauthorised access to corporate systems to disruptive attacks that shut down entire networks or even hold corporate data hostage with ransomware.
The Botnet Evolution
NETSCOUT’s 1H 2022 DDoS Threat Intelligence Report revealed how botnet threats are evolving in sophistication and frequency, including accelerated growth in the types of attacks and more complex means of concealment. In short, botnets pose a greater threat to corporate security than ever before.
Botnets have been around since the 1990s, but they’ve developed at an alarming rate in the last year. According to the report, there were over 67 million connections from over 600,000 distinct IP addresses across 30,000 businesses and 168 countries in the first half of 2022 alone.
Indeed, the number of high-confidence botnet nodes increased significantly in the first half of 2022, rising from 21,226 in Q1 to more than 488,000 in Q2. More nodes imply a greater number – and increasing complexity – of botnet attacks in the future.
Moreover, just as major software suppliers continue to innovate by bringing solutions that are faster, more complex, and easier to use, botnet security risks are also evolving. There are new “DDoS for hire” services, for example, that make it easier than ever to launch coordinated and complicated attacks against target firms, organisations, or industries. The purpose of such behaviour is to confuse security personnel with DDoS while attackers actively seek to exfiltrate data and employ ransomware to lock it up and render it unavailable.
Furthermore, from the second half of 2021 to the first half of 2022, there was a considerable increase in botnet direct-path attacks, resulting in more application-layer attacks, according to the research. This surge in direct-path assaults reflects the ongoing trend away from typical reflection/amplification DDoS attacks and toward more direct-path attacks.
Unfortunately, no one is safe from these constantly changing risks posed by botnets. Financial factors, revenge, geopolitical objectives, ransom chances, or even malice can be the driving force behind an attack. More advanced botnet attacks pose a bigger risk to everyone, including gamers, financial institutions, and companies that may have geopolitical rivals.
Innovations in botnet technology are not limited to DDoS-for-hire platforms and an increase in direct-path attacks. To avoid detection, many botnets are integrating additional features. For instance, malware from the Mirai family has recently started using SOCKS5 proxies. By routing its communications through SOCKS5 proxies, this malware makes affected nodes harder to analyse and mitigate, and therefore more dangerous and more difficult to find and eliminate.
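One way a network sensor can spot this behaviour is to recognise the client side of the SOCKS5 handshake (RFC 1928) on outbound flows from segments that should never be proxying, such as an IoT VLAN. The following is an added example written for this article, not NETSCOUT's tooling or anything from the report: the flow records, addresses and the `relay.example` destination are constructed, and the approved-proxy list is a hypothetical allow-list.

```python
"""SOCKS5 handshake detector for outbound flows (added example; constructed data).

Parses the client side of SOCKS5 (RFC 1928): the greeting (version, auth methods)
and the request (CONNECT/BIND/UDP ASSOCIATE plus destination), so a sensor can
flag devices that open proxy sessions toward hosts that are not approved proxies.
"""
import ipaddress
from typing import Optional

SOCKS_VERSION = 0x05
CMD_NAMES = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP_ASSOCIATE"}
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def parse_socks5_greeting(payload: bytes) -> Optional[dict]:
    """Return the offered auth methods if payload is exactly a SOCKS5 client greeting."""
    if len(payload) < 3 or payload[0] != SOCKS_VERSION:
        return None
    nmethods = payload[1]
    # Exact length keeps false positives down on arbitrary binary protocols.
    if nmethods == 0 or len(payload) != 2 + nmethods:
        return None
    return {"methods": list(payload[2:2 + nmethods])}


def parse_socks5_request(payload: bytes) -> Optional[dict]:
    """Return command and destination if payload is exactly a SOCKS5 request."""
    if len(payload) < 7 or payload[0] != SOCKS_VERSION or payload[2] != 0x00:
        return None
    cmd, atyp = payload[1], payload[3]
    if cmd not in CMD_NAMES:
        return None
    if atyp == ATYP_IPV4:
        addr_end = 8
        if len(payload) < addr_end + 2:
            return None
        dst = str(ipaddress.IPv4Address(payload[4:8]))
    elif atyp == ATYP_DOMAIN:
        dlen = payload[4]
        addr_end = 5 + dlen
        if dlen == 0 or len(payload) < addr_end + 2:
            return None
        dst = payload[5:addr_end].decode("ascii", "replace")
    elif atyp == ATYP_IPV6:
        addr_end = 20
        if len(payload) < addr_end + 2:
            return None
        dst = str(ipaddress.IPv6Address(payload[4:20]))
    else:
        return None
    if len(payload) != addr_end + 2:
        return None
    port = int.from_bytes(payload[addr_end:addr_end + 2], "big")
    return {"cmd": CMD_NAMES[cmd], "dst": dst, "port": port}


def flag_proxy_handshakes(flows, approved_proxies=frozenset()):
    """Return alert strings for flows whose first client payload is a SOCKS5
    message toward a destination that is not an approved proxy.

    Each flow is a dict with src, dst, dport and the first client-to-server payload.
    """
    alerts = []
    for f in flows:
        if f["dst"] in approved_proxies:
            continue
        greeting = parse_socks5_greeting(f["payload"])
        request = parse_socks5_request(f["payload"])
        where = f"{f['src']} -> {f['dst']}:{f['dport']}"
        if greeting:
            alerts.append(f"{where} SOCKS5 greeting, auth methods {greeting['methods']}")
        elif request:
            alerts.append(f"{where} SOCKS5 {request['cmd']} to {request['dst']}:{request['port']}")
    return alerts


# Constructed flow records (hypothetical IoT camera and a corporate client).
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.7", "dport": 1080, "payload": b"\x05\x01\x00"},
    {"src": "192.0.2.10", "dst": "198.51.100.7", "dport": 1080,
     "payload": b"\x05\x01\x00\x03\x0drelay.example\x01\xbb"},
    {"src": "192.0.2.10", "dst": "198.51.100.7", "dport": 80,
     "payload": b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"},
    {"src": "10.0.0.42", "dst": "10.0.0.5", "dport": 1080, "payload": b"\x05\x02\x00\x02"},
]

if __name__ == "__main__":
    for alert in flag_proxy_handshakes(SAMPLE_FLOWS, approved_proxies={"10.0.0.5"}):
        print(alert)
```

The parser only inspects the first client payload of each flow, which is where the greeting lands; a sensor that reassembles the TCP stream can feed the second message to `parse_socks5_request` to learn where the bot was asked to connect. Exact-length matching trades some recall for precision on the high-volume binary traffic a perimeter sensor sees.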
The good news is that there are proactive methods of defence. Bot management solutions, for example, can distinguish between good and bad bots and then prevent harmful activity from interfering with critical systems and negatively impacting end-user experience. These can take the shape of an inline security appliance installed at the network perimeter (between the internet router and the network firewall) to provide security and defence. These technologies can also identify dangerous bots by utilising behavioural analysis that detects irregularities while allowing valuable bots to communicate with web services and networks.
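To make the behavioural-analysis idea concrete, here is an added example of a small classifier that runs over web-server access logs and separates declared crawlers that honour `robots.txt` from automated clients that hammer one endpoint at machine-regular intervals. It is written for this article and is not NETSCOUT's bot-management product; the log lines, the `ExampleBot` crawler allow-list and the scoring thresholds are all constructed assumptions.

```python
"""Behavioural bot classifier over web access logs (added example; constructed data).

Labels each client IP as "good bot", "bad bot" or "human" using only behaviour
visible in the log: request volume, error ratio, timing regularity, path diversity
and the declared client software.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined Log Format (Apache/Nginx default with referrer and user-agent).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Hypothetical crawler allow-list. A User-Agent is self-declared, so a real
# deployment should also verify the source (e.g. reverse-DNS of the IP).
KNOWN_GOOD_BOTS = ("ExampleBot",)
SCRIPT_UAS = ("python-requests", "curl/", "Go-http-client")


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "path": m["path"],
        "status": int(m["status"]),
        "ua": m["ua"],
    }


def _interval_cv(times):
    """Coefficient of variation of inter-request gaps; near 0 means clockwork timing."""
    if len(times) < 3:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    mean = statistics.mean(gaps)
    return statistics.pstdev(gaps) / mean if mean > 0 else 0.0


def classify_client(events):
    """Score one client's requests and return a label."""
    events = sorted(events, key=lambda e: e["ts"])
    ua = events[0]["ua"]
    paths = [e["path"] for e in events]
    # A declared, allow-listed crawler that fetched robots.txt is a good bot.
    if any(b in ua for b in KNOWN_GOOD_BOTS) and "/robots.txt" in paths:
        return "good bot"
    n = len(events)
    error_ratio = sum(e["status"] >= 400 for e in events) / n
    cv = _interval_cv([e["ts"] for e in events])
    score = 0
    score += int(n >= 10)                                  # high request volume
    score += int(error_ratio >= 0.5)                       # mostly failures (probing)
    score += int(cv is not None and cv < 0.2)              # machine-regular timing
    score += int(len(set(paths)) / n <= 0.2)               # hammering one endpoint
    score += int(ua == "" or ua.startswith(SCRIPT_UAS))    # scripting client or no UA
    return "bad bot" if score >= 3 else "human"


def classify_log(lines):
    """Group log lines by client IP and label each client."""
    by_ip = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_ip[ev["ip"]].append(ev)
    return {ip: classify_client(evs) for ip, evs in by_ip.items()}


# Constructed sample log: a crawler, a scripted client hammering /login, a browser.
_BASE = datetime(2022, 6, 1, 12, 0, 0, tzinfo=timezone.utc)


def _line(ip, offset, path, status, ua):
    ts = (_BASE + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512 "-" "{ua}"'


CRAWLER = "Mozilla/5.0 (compatible; ExampleBot/1.0)"
BROWSER = "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 Chrome/103.0 Safari/537.36"
SAMPLE_LOG = (
    [_line("203.0.113.5", 0, "/robots.txt", 200, CRAWLER)]
    + [_line("203.0.113.5", 10 * i, f"/page{i}", 200, CRAWLER) for i in range(1, 5)]
    + [_line("198.51.100.20", i, "/login", 401, "python-requests/2.28") for i in range(12)]
    + [_line("192.0.2.77", t, p, 200, BROWSER)
       for t, p in ((3, "/"), (10, "/products"), (38, "/products/42"), (44, "/cart"))]
)

if __name__ == "__main__":
    for ip, label in classify_log(SAMPLE_LOG).items():
        print(f"{ip:16} {label}")
```

The scoring is deliberately additive so that no single signal (a bare `curl` user-agent, say) is enough on its own; an inline appliance would apply the same idea over a sliding window and feed the "bad bot" verdicts to a rate-limiter or challenge rather than a hard block, which keeps a mis-scored human from losing service.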
Although organisations cannot predict where the next security attacks will originate or what they will look like, they can be certain of one thing: botnets will continue to evolve at a rapid rate, gaining new capabilities and expanding to pose even greater threats. To avoid potential disruptions to their operations, services, reputations, and financial results, it’s clear that all types of organisations must be more proactive in defending themselves against these types of attacks.