Botnet Trend Report-14

Botnet Trend Report-14

September 18, 2019 | Mina Hao

Conclusion and Recommendations

In 2018, botnets continued using DDoS as their primary weapon to attack regions with ubiquitous high speed networking for direct economic gains. However, they underwent significant changes in behavioral patterns, host platforms, C&C server deployment, infection methods, attack methods, and payload types. Security service providers need to adapt their strategies to better mitigate the increasing threats posed by the new generation of botnets.

The evolution of botnets taking advantage of more platforms and more attack methods make them more dangerous. IoT environments rife with vulnerabilities have given rise to many huge cross platform botnet families that are capable of fast propagation. The frequent use of reflection attacks has led to upgrading traditional families with more devastating DDoS capabilities. At the same time, the development of blockchain techniques as well as the price of cryptocurrency has accelerated the outbreak and evolution of cryptominer families.

An emerging trend of botnet development in 2018 was attackers adopting a new economic model that evolved into botnet-as-as-service (BaaS). We have seen changes in the operations of botnets as traditional botnet families are packaging themselves as commercial services giving attack control to their “clients”. This model lowers the level of skills required for using botnets to conduct DDoS attacks and expands their attack surface, making the innately flexible botnets more difficult to cope with.

Such a change in botnet lifecyle calls for changes in our defensive and research strategies:

• As defenders, we not only need to enhance our capabilities of countering ransomware and cryptominers but also need to improve the protections for IoT devices, make greater efforts in
eliminating reflectors, and better ready ourselves to defend against reflection attacks. Only by doing so can we hope to withstand the coming tsunami waves of reflection attacks.
• As researchers, we must focus research on the evolution of the botnet lifecycle to better defend against the next generation of botnets. We must closely monitor the development and behavior of
known botnet families to see how they take advantage of their new modular architectures. How will bots further develop and exploit this new capability? What new malicious activity can be
utilized through modularization? Will the ability to launch multiple blended attacks increase their exploitation success and destructive capability?

The botnet battlefield is by far the fastest growing cyberthreat today. The evolutionary lifecycles in botnet development enable rapid deployment of new attack methods and strategies, moving
momentum in favor of the attackers. Inertia is the biggest weakness defenders must overcome just to stay at status quo. Both IoT vendors and end-users must be more proactive in implementing better security of connected devices. If that doesn’ t happen, cyberattacks could devastate the internet and networks to an extent not even imagined yet. Remember, only you can prevent cyberattack damage.