Tag Archive for: botnets

IoT Botnets and Infostealers Frequently Target Retail Sector


New research by Netskope Threat Labs has revealed that IoT botnets, remote access tools and infostealers were the key malware families deployed by attackers targeting the retail sector in the past year. The findings were revealed in a new report on the retail sector.

Retail has also undergone a shift in the past 12 months from predominantly Google Cloud-based applications towards Microsoft apps like Outlook. In last year’s report, Google applications were far more popular in the retail sector than in other industries, but over the past year the researchers have seen a resurgence of Microsoft’s popularity. This is particularly evident for storage with the gap between OneDrive and Google Drive widening over the past year, with the average percentage of users shifting from 43% to 51% for OneDrive and falling from 34% to 23% for Google Drive. Similar trends were observed with Outlook (21%) supplanting Gmail (13%) as the most popular email app.

Microsoft OneDrive remains the most popular cloud application for malware delivery across all sectors including retail. Attackers gravitate towards tactics that capitalise on users’ trust and familiarity with OneDrive, increasing the likelihood they will click on the links and download the malware. In retail, attacks via Outlook are more successful than in other sectors – retail sees twice as many malware downloads via Outlook (10%) as other industry averages (5%).

The research also found that botnets and trojans are targeting network devices. Specifically, the Mirai botnet family has increasingly been seen targeting exposed Linux-based networking devices such as routers, cameras, and other IoT devices in the retail environment. Similarly, remote access trojans (RATs) were popular because they allow access to browsers and remote cameras, sending information to attackers or receiving commands. Since the leak of the Mirai malware’s source code, the number of variants has increased considerably, and this poses a risk to retail as a sector with many vulnerable endpoints.

Paolo Passeri, Cyber Intelligence Principal at Netskope said: “It’s surprising that the retail sector still finds itself specifically targeted with botnets…

What are Botnets and Why are MSSPs So Concerned?


In part one of MSSP Alert’s series on botnets, we delve into the nature of botnets and why MSSPs and MSPs are so concerned about them.

Botnets can lurk undetected in an organization’s computer network for years, covertly and maliciously poking and prodding with malware aimed at finding a vulnerability in order to launch a full-scale cyberattack that will cripple IT systems, steal sensitive data, impose a ransom demand and damage the business’ reputation.

Botnets have the ability to infect an entire IT network, be it software, applications or any type of device that even scratches the surface of digital technology. Botnets are the product of a “bot-herder” (i.e., hacker) who, either directly or through automation, sends the bot from their command-and-control servers to an unknowing recipient via file sharing, email, social media application protocols or via other bots as an intermediary.

When someone opens a malicious file on their computer, the bot reports back to command and control where the bot-herder can dictate commands to infected computers, Palo Alto Networks explains. In fact, bots can be updated by the bot-herder to change their entire functionality based on what he/she would like for them to do, and to adapt to changes and countermeasures by the target system.

Botnet Business Booming

Josh Smith, threat intelligence analyst for Nuspire, a Commerce, Michigan-based MSSP, believes that botnets don’t often receive the media attention that ransomware attacks do. Regardless, MSSPs, MSPs and the cybersecurity industry in general are keenly focused on botnets.

However — often much to their frustration — Nuspire’s customers are not always as aware of botnets as they should be, Smith said. Nor are their customers’ employees taking the appropriate measures to protect against bot intrusions.

“Botnets are quiet, sneaky and don’t make the headlines,” he said. “They get remediated. They get fixed. They get cleaned. But they’re still a very big threat to organizations everywhere.”

According to Nuspire’s recently released 2023 Cyber Threat Report, botnets saw a 25% year-over-year increase in activity, with the Torpig Mebroot botnet comprising 56% of all botnet…

Botnets: The uninvited guests that just won’t leave


Botnets have been in existence for nearly two decades. Yet despite being a longstanding and widely known threat, they still have the power to wreak havoc on an organization’s networks, and often do so successfully while evading detection. 

The majority of contemporary malware families have set up botnets for command and control (C2) connections. It stands to reason that the number of active botnets would grow in sync with the number of malware families and versions. When FortiGuard Labs researchers analyzed botnet activity during the first half of 2023, we saw that more botnets are currently active, inevitably increasing the chances that organizations will be impacted by this threat.

What’s more concerning, though, is that we observed an increase in dwell time: Botnets are lingering on networks longer than ever before being detected. This underscores the fact that reducing response time is critical because the longer organizations allow botnets to remain, the greater the damage and risk to the business.

Botnet activity and dwell time are on the rise

The number of active botnets grew in the first half of 2023, up 27% from the prior six-month period. We also saw a higher rate of botnet activity (+126%) among organizations when comparing those same periods. 

Botnets are like uninvited guests that just won’t leave.

The true eye-opener for botnet trends in the first half of this year is the sharp rise in the overall number of “active days”—the period between the start of a botnet’s activity and the termination of its C2 communications. In comparison to measurements made at the beginning of 2018, this reveals a more than 1,000x rise, demonstrating that botnets have become more tenacious in the last five years.

As botnets are quick to adapt and broaden the variety of devices they can automatically infiltrate and control—including some devices that traditionally haven’t been closely inspected, such as IoT—there are more vulnerabilities and exploits than ever that botnets can leverage.

Take back control from the botnets

Reducing response time is vital. The longer the dwell time, the more likely it is that botnets can impact a…

Battle of the Botnets: How MSSPs Play the Game


In this article, MSSP Alert examines the tactics and technologies MSSPs and MSPs use to spot and stop botnets. Read part one of the two-part series: “What are Botnets and Why are MSSPs So Concerned?”

Any time an MSSP or MSP signs up a new customer it’s an expedition into the unknown, an exploration on day one into a potentially under-managed and vulnerable cyberspace environment.

As you begin this journey, you’re wondering who had been watching the customer’s endpoints (hopefully, but not likely, all points of entry) and what might have already slipped through detection (perhaps years ago) and infected its IT systems — like a botnet or some other type of covert malware.

MSSPs and MSPs surely know the potential of a botnet finding its way into their own IT network or devices. Why wouldn’t the bad guys go after those who would prevent them from laying the track to a ransomware attack?

The tools and techniques of the cybercrime trade are not surprising in themselves; what stands out is the evolving sophistication of the instruments and tactics of today’s threat actors. For instance, AI is now being used by cybercriminals, typically those operating out of China, Russia and North Korea.

Waging the Botnet Battle

Jim Broome, president and chief technology officer at DirectDefense, said his MSSP employs a robust endpoint detection and response (EDR) solution with their customers.

“For us, it’s a two-fold answer,” he said. “The more traditional botnet activity that people are associated with is just malware. So we have a managed security services solution built around managed EDR, partnered with CrowdStrike and Cylance BlackBerry (and others). You have to put the two together to look for signs of infection.”

DirectDefense also has a dedicated practice around application security, largely penetration testing, red teaming, software development and lifecycle review. Essentially, these activities are delivered within a professional services package that complements its managed security services.

“This is how we’re helping organizations deal with the struggle of protecting their applications against botnet activity,” Broome said. “Time and time again we’re being called in either for incident response…
