Protecting your practice from botnets

June 1, 2018

Making sure you’re safe doesn’t have to be a difficult process.

Botnets are covert armies of networked computers and devices (bots) that malware has subverted so that a cybercriminal can control them remotely.

Botnets are bred and nurtured by hackers to provide a powerful, dark cloud computing network used to conduct cybercrime attacks, like the October 2016 DDoS attack against the popular Domain Name System (DNS) provider Dyn. This attack took down several flagship websites and significant parts of the internet for hours.

The good news is that it’s relatively straightforward to ensure your computers and devices aren’t part of the next botnet attack. This article shows how you can protect yourself against the risk of botnet infection, identify any bots operating on your network and clean them up before they become part of the next cyberattack.


In order to understand how to identify and stop botnets, it’s important to understand how they work - how they get started, how they spread and how they operate.

Like any other malware, botnets start by entering your network through one of a few different conventional means:

Email attachments: malware is often delivered as an email attachment as part of a spam or phishing campaign that tries to get the user to open or run the attachment, which kicks off the initial infection.

Web sites: compromised websites often host malicious code that the browser runs silently (a drive-by download), kicking off a chain of events that exploits a vulnerability in the browser, a plugin or the operating system and infects the machine.

Remote access: IoT devices exposed to the internet that still accept direct logins with factory-default credentials are the worst offenders, but attackers also brute-force passwords and exploit known vulnerabilities in device web interfaces to gain control of a device.

USB sticks: this infection technique is now almost legendary, but there’s still a danger that a user will plug a USB device of unknown origin into their computer to see what it contains, only to introduce malware onto their system.

How to protect your practice

The essential ingredient to effective protection from botnets is your network firewall. Look for the following components in a next-gen firewall to ensure you’re getting the best protection possible:


Advanced Threat Protection: Advanced Threat Protection can identify botnets already operating on your network. Ensure your firewall has malicious traffic detection, botnet detection, and command and control (C&C) call-home traffic detection. The firewall should use a multi-layered approach that combines IPS, DNS and web filtering to identify call-home traffic and immediately pinpoint not only the infected host but the user and process responsible. Ideally, it should also block or isolate the infected system until it can be investigated.
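As an added example, not code from the original article or from any firewall vendor, the following Python script shows the kind of call-home detection the paragraph above describes, run over a constructed web-proxy log. It flags two signals: a destination that appears on a blocklist of known C&C domains, and a host that contacts the same destination at a near-constant interval (beaconing), which benign browsing rarely does. Each finding names the source host, the user and the process, since that is what an analyst needs to isolate and clean the machine. The log lines, the domain names in the blocklist and the thresholds are all made up for illustration.

```python
"""Flag command-and-control (C&C) call-home traffic in a web-proxy log.

Added example: everything below (log lines, domains, thresholds) is constructed
for illustration and is not a real indicator of compromise.
"""
from collections import defaultdict, namedtuple
from datetime import datetime
from statistics import mean, pstdev

Finding = namedtuple("Finding", "src user process dest reason")

# Constructed blocklist of call-home domains (hypothetical names, not real indicators).
C2_BLOCKLIST = {"update-check.example-c2.net"}

# Constructed proxy log: "<ISO time> <src ip> <user> <process> <destination host>".
# svchost.exe on 10.0.0.12 phones home roughly every 60 seconds; chrome.exe browses
# irregularly; outlook.exe on 10.0.0.40 contacts a blocklisted domain once.
SAMPLE_LOG = """\
2018-06-01T09:00:00 10.0.0.12 jsmith chrome.exe www.example.com
2018-06-01T09:00:03 10.0.0.12 jsmith chrome.exe www.example.com
2018-06-01T09:00:10 10.0.0.12 jsmith svchost.exe beacon.example-bad.org
2018-06-01T09:00:45 10.0.0.12 jsmith chrome.exe www.example.com
2018-06-01T09:01:11 10.0.0.12 jsmith svchost.exe beacon.example-bad.org
2018-06-01T09:02:09 10.0.0.12 jsmith svchost.exe beacon.example-bad.org
2018-06-01T09:02:30 10.0.0.40 mlee outlook.exe update-check.example-c2.net
2018-06-01T09:03:10 10.0.0.12 jsmith svchost.exe beacon.example-bad.org
2018-06-01T09:03:20 10.0.0.12 jsmith chrome.exe www.example.com
2018-06-01T09:03:21 10.0.0.12 jsmith chrome.exe www.example.com
2018-06-01T09:04:11 10.0.0.12 jsmith svchost.exe beacon.example-bad.org
2018-06-01T09:05:00 10.0.0.40 mlee outlook.exe mail.example.com
2018-06-01T09:05:10 10.0.0.12 jsmith svchost.exe beacon.example-bad.org
2018-06-01T09:10:02 10.0.0.12 jsmith chrome.exe www.example.com
"""


def parse_log(text):
    """Yield (timestamp, src, user, process, dest) tuples; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield (ts, *parts[1:])


def beacon_score(timestamps):
    """Coefficient of variation (stdev / mean) of the gaps between requests.

    A low value means the requests arrive at a near-constant interval, the
    hallmark of a bot phoning home on a timer. Returns inf when there are too
    few requests to judge.
    """
    times = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 2:
        return float("inf")
    avg = mean(gaps)
    if avg <= 0:
        return float("inf")
    return pstdev(gaps) / avg


def find_call_home(log_text, blocklist=C2_BLOCKLIST, min_requests=5, max_cv=0.15):
    """Return Findings for sessions that hit a known C&C domain or beacon on a timer.

    Sessions are keyed by (src, user, process, dest) so a hit identifies not just
    the infected host but the user and process behind the traffic.
    """
    sessions = defaultdict(list)
    for ts, src, user, proc, dest in parse_log(log_text):
        sessions[(src, user, proc, dest)].append(ts)

    findings = []
    for (src, user, proc, dest), times in sessions.items():
        if dest.lower() in blocklist:
            findings.append(Finding(src, user, proc, dest, "known C&C domain"))
            continue
        if len(times) < min_requests:
            continue  # too little traffic to call it beaconing
        cv = beacon_score(times)
        if cv <= max_cv:
            reason = "periodic beaconing (%d requests, cv=%.2f)" % (len(times), cv)
            findings.append(Finding(src, user, proc, dest, reason))
    return sorted(findings)


if __name__ == "__main__":
    for f in find_call_home(SAMPLE_LOG):
        print("%s %s %s -> %s: %s" % f)
```

Real proxies and DNS resolvers log in their own formats, so the parser is the part to swap out; the grouping and the interval check stay the same. The coefficient-of-variation threshold is a tuning knob: too tight and jittered beacons slip through, too loose and software update checks start to look like bots, so review hits rather than blocking on them automatically.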


Intrusion prevention: IPS can detect hackers attempting to breach your network resources. Ensure your firewall has a next-gen intrusion prevention system (IPS) that’s capable of identifying advanced attack patterns in your network traffic to detect hacking attempts and malware moving laterally across your network segments. Also, consider blocking entire Geo IP ranges for regions of the world you don’t do business with to further reduce your attack surface; this cuts down noise rather than stopping a determined attacker, who can rent infrastructure in any region.

Sandboxing: Sandboxing can catch the latest evasive malware before it gets on to your computers. Ensure your firewall offers advanced sandboxing that can identify suspicious web or email files and detonate them in a safe sandbox environment to determine their behavior before allowing them into your network.


Web and email protection: Effective web and email protection can prevent botnet recruiting malware from getting onto your network in the first place. Ensure your firewall has behavioral-based web protection that can actually emulate or simulate JavaScript code in web content to determine intent and behavior before it’s passed to the browser. Ensure that your firewall or email filtering solution has top-shelf anti-spam and antivirus technology to detect the latest malware in email attachments.

Web Application Firewall: A WAF can protect your servers, devices, and business applications from being hacked. Ensure your firewall offers WAF protection for any system on your network that must be reachable from the internet. A web application firewall sits in front of those systems as a reverse proxy, can handle authentication before a request ever reaches the application, and filters attacks aimed at the application itself.

With some careful planning and diligence, you can indeed prevent your practice from being part of the next botnet!