Cybercriminals have recently broken records for DDoS strength. Here's how to protect your network from attacks, and prevent devices from being assimilated into botnets.
Cybercriminals are increasingly relying on the power of botnets—networks of compromised computers and devices which can be controlled en masse—to orchestrate distributed denial of service (DDoS) attacks, as well as propagate ransomware and phishing attacks, among others. For these malicious actors, the appeal is unbeatable: It is cheaper to use the devices and networks of others to launch attacks, there is no paper trail to connect the attackers to the devices from which attacks are being propagated, and the geographic distribution of devices in a botnet limits the ability to identify the origin of these attacks.
SEE: SMB security pack: Policies to protect your business (Tech Pro Research)
The potential power of botnets is massive, as even small botnets can inflict massive damage, as seen in the memcached flaw, which broke records for DDoS strength earlier this year. Similarly, VPNFilter, an advanced malware attack believed to be developed by a nation-state actor, was being primed to destabilize the Champions League finals earlier this year.
In cybersecurity, the sports maxim "the best defense is a good offense" is greatly applicable. Taking active measures to prevent devices in your organization from being assimilated into a botnet, and practicing basic security hygiene to strengthen your network against simple attacks, can go a long way to ensuring the security integrity of your organization. The Council to Secure the Digital Economy recommends the following six strategies for enterprises to follow in the 2018 International Anti-Botnet Guide, published Thursday.
1. Secure updates
Software vendors publish security updates for a reason, though it is the responsibility of IT to ensure these updates are installed on systems in a timely and uniform fashion. While some industries may require qualification for added software, generally, automatic installation of updates is the easiest way to ensure systems are secured.
2. Real-time information sharing
Sharing information about anomalous network activity, and subscribing to feeds from government and law enforcement or industry security groups, can create a herd immunity effect, benefiting your organization and the internet as a whole.
3. Network architectures that securely manage traffic flows
Per the report, "Enterprises can exercise control over the design of their network architectures to limit the flow of malicious traffic during a DDoS attack carried out using botnets or other means. A network architecture designed with security as an explicit goal can complement other precautionary measures, such as anti-DDoS services offered by infrastructure providers and other ecosystem participants."
SEE: Cross-site scripting attacks: A cheat sheet (TechRepublic)
Larger organizations that can dedicate staff time to security activities would benefit from monitoring observable phenomena indicative of botnet traffic, as well as setting up device rules to automatically block and remediate the origin of that traffic inside the network.
4. Enhanced DDoS resilience
Commercial DDos protection services can provide a great deal of protection against such attacks, as well as provide filtering solutions to fit specific needs of your organization.
SEE: Man-in-the-middle attacks: A cheat sheet (TechRepublic)
5. Identity and access management
Ensuring that information can only be accessed by personnel authorized to have such access can mitigate potential damage of malware which scrapes corporate networks, as well as protect against ransomware attacks.
Additionally, implementing two-factor authentication (2FA) including physical security keys can greatly improve the security of your network. According to the report, "Since early 2017, when Google began requiring all of its employees — more than 85,000 in total — to use physical security keys, not a single employee's work-related account has been phished."
6. Mitigating issues with out-of-date and pirated products
Using software or hardware that is unsupported by vendors is a substantial security risk, as these products will not receive security updates as new vulnerabilities are discovered. Likewise, vendors often block pirated software from receiving security updates.
The big takeaways for tech leaders:
- Cybercriminals have broken records for DDoS strength in 2018, posing larger risks to enterprise networks than ever before.
- The Council to Secure the Digital Economy provides six best practices for limiting exposure to DDoS threats, and preventing devices in your network from becoming compromised.
- 10 ways to raise your users' cybersecurity IQ (free PDF) (TechRepublic)
- Hackers can exploit this bug in surveillance cameras to tamper with footage (ZDNet)
- Facebook data privacy scandal: A cheat sheet (TechRepublic)
- Man-in-the-disk attacks: A cheat sheet (TechRepublic)
- Autonomous cyber defences are the future: Richard Stiennon (ZDNet)
- 8 strategies to keep legacy systems running (TechRepublic)