Despite Takedowns, Botnets Aren't Going Away Any Time Soon

Here’s what data center managers can do to reduce exposure to the likes of the Andromeda botnet.

Maria Korolov

December 8, 2017

2 Min Read
Cables and routers at a Comcast distribution center
Joe Raedle/Getty Images

Last week, authorities from the US, Germany, Belarus, and the European Union took down the Andromeda botnet and arrested its mastermind.

It's a big deal, because the botnet had infected more than 2 million computers, and because the mastermind was arrested in Belarus, which has begun cracking down on cybercrime despite otherwise being close to Russia. Russia and some of the other former Soviet republics are notorious havens for cybercriminals.

But the botnet threat isn't over. In fact, the threat isn't over even from this particular botnet.

Not only was the software running it available on the Black Market -- so that anyone could go and set a similar botnet up -- but the takedown involved just the command-and-control servers, not cleaning up all the infected machines.

According to Europol, a similar botnet called Avalanche was taken down a year ago but 55 percent of the machines that were originally infected are still infected today.

Meanwhile, more and more vulnerable devices are connecting to the internet all the time.

Gartner estimates that there are 8.2 billion Internet of Things devices in use this year, up 31 percent from 2016.

"People are buying the cheapest device that they can get," said Adam Meyers, VP of intelligence at CrowdStrike. They place convenience and function ahead of security and there isn't much pressure on manufacturers to improve.

Related:Why DDoS Attacks are on the Rise

That means that the botnet threat is only going to keep getting worse. "As long as there's a market for cheap devices and nobody is making noise about security, I don't think it's changing," he said.

In addition to take over consumer-owned connected devices, botnets also target corporate assets, including end-user computers and servers.

The compromised machines can then be used to send out spam, spread more infections, mine bitcoins, engage in click fraud, launch DDoS attacks, and infect corporate systems with spyware and ransomware.

There are steps enterprises can take to protect their networks, said Jason Brvenik, CTO at NSS Labs.

Data center managers should make sure they use isolation to keep botnets from spreading and strong monitoring to catch any communications from botnets that have entrenched themselves.

In addition, when buying IoT devices companies should check that the manufacturer guarantees that the device is secure -- and will remain safe in the future.

"That's the number one thing that enterprises can do to improve things," he said.

The problem is that the devices contain vulnerabilities, have weak configurations, and easy-to-guess default passwords, said Oleg Kupreev, lead malware analyst for anti-botnets at Kaspersky Lab. "That is like an open invitation for bots," he said. Instead, vendors should change the default passwords and release timely software updates.

Related:Report: Mirai Botnet DDoSed 17 Dyn Data Centers Globally

Meanwhile, owners should double-check that they have properly configured the settings and keep their devices patched and up-to-date.

"If these steps are taken, the risk of infection with bots – and creating new botnets – will be eliminated," he said.

About the Author(s)

Maria Korolov

Maria Korolov is an award-winning technology journalist who covers cybersecurity, AI, and extended reality. She also writes science fiction.

Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.

You May Also Like