The Obama administration recently announced the launch of a public/private effort to combat botnets. It's just one of several examples of botnets getting more attention as an important link in an ever-expanding chain of cybercrime.
We certainly welcome the attention. Botnets are behind some of the biggest attacks in recent memory, from the Stuxnet worm to the Flame toolkit, to more routine intrusions such as identity theft and password breaches.
Botnets are networks of compromised computers that can be used anonymously to take over additional machines and to launch viruses, email spam, and denial of service attacks. Botnets are in fact an increasingly common method used by cybercriminals to undertake malicious attacks.
The issue for businesses, as well as governments and individuals, is the elevated frequency of these attacks. My concern is that existing tools designed to combat the growing wave of attacks will have little impact on curbing the escalating cybersecurity threat.
This fight requires speed, nimbleness and intense smarts. The hackers and the bad guys are pretty smart. In many ways, the train has left the station. The genie is out of the bottle. Insert metaphor of choice here.
Companies around the world are compromised every day. The question is, how compromised? The answer: very. Botnets work by allowing cybercriminals to hijack corporate and personal computers to launch attacks. To get a sense of the scope of the problem, just look at how recent high-profile hacks like the breach of Zappos.com enabled thousands of botnet operators to purchase the stolen information to commit further fraud. Or that every time a group brings down a website in a denial of service attack, a botnet was part of the equation.
Since the dawn of the Internet, the cat and mouse game between cybercriminals and everyone else has only escalated. Ever played "Whack-A-Mole" at your local arcade? That's cyberwar when the objective is taking down botnets.
Don't believe those who say the threat is subsiding. Online criminals can't be prevented from unleashing a botnet. But what can be done is preventing widespread damage: a virus spreading to millions of computers, or a crime ring stealing millions of dollars from unsuspecting consumers. Anti-botnet efforts should focus on stopping bots at the point of attack, before the damage is done. We like to call this "active defense."
For our team, botnets are as likely to come up in conversation as the weather does for farmers. Botnets rise and fall, every minute of every day, some large enough to take down a major bank's online capabilities, some smaller but no less lethal, intending to steal money from unsuspecting consumers.
We know because of our technology that goes "behind enemy lines" to scan up to 13 million botnets or more on any given day to gather intelligence so that an attack can be prevented. And that's the kind of real-world, real-time data that's required in cyberwar. You have to know and understand the enemy, and how they evolve over time.
So what to do?
The typical reaction to most cyberattacks is to call on law enforcement, as Microsoft did to break up two Zeus botnet servers used by a crime ring. However, government agencies simply can't move fast enough to produce a permanent solution. Last year, the Department of Homeland Security and the Department of Commerce floated a proposal to have Internet service providers (ISPs) inform customers if they were the victims of botnet attacks. Expecting ISPs to deploy and manage honeypot servers without elite engineers who understand how the Internet works at its most basic level is simply unrealistic. ISPs provide connectivity. That's their core competency. Not security.
The only way to be successful in this golden age of cybercrime is to stay a step ahead of the criminals and use real-time prevention tools. Anything less will leave the online enterprise in a compromising position.