Botnets and Cyber Warfare - A Dangerous Combination
The US Government is very keen on the theme of warfare, being among the countries that invest most in the field.
In a cyber security context, we can enumerate a huge number of cyber threats, designed and enhanced daily, whose many variants could cause serious damage to both the military and private sectors.
In recent months, there has been increased concern over the development of botnets that affect systems critical to countries, such as those of the financial markets and the military.
White House Cybersecurity Coordinator Howard Schmidt has extensive knowledge of the problem, and for this reason he’s convening federal agencies, law enforcement and private companies to define a common strategy to deal with the threat.
Behind botnets we can find several types of actors, such as cyber criminals, foreign governments and also hacktivists, with different motivations, like cyber espionage, financial fraud and arranging protests. The components of these botnets span several countries, different social contexts and different laws and regulations; for this reason it is quite difficult to present a united front to combat the threat.
During the McAfee Public Sector Summit in Arlington, Va. on April 11th, Schmidt declared:
“There’s been a lot of discussion about botnets…trying to identify how many are out there, what they’re doing, what they could do and what the impact could be. I’ve asked my office to engage in a private-public partnership to enhance the nation’s cybersecurity by fighting against bot networks,”
“We’re teaming U.S. internet service providers, search engines, internet vendors, privacy rights advocates and groups and trade associations to tackle this on all fronts. We’re working on developing best practices and an industry code of conduct within the next 90 days.”
The working group led by Schmidt is working toward the following four main goals:
- develop principles for addressing botnets;
- establish high-level strategies to increase public awareness of botnets;
- leverage available consumer-focused information tools and resources to prevent botnet infections in the first place;
- identify ways of measuring progress.
I agree with the approach of the U.S. government, and I believe that the strategy defined and the targets are consistent with an approach to the problem that has become indispensable. It is essential to get a snapshot of the current situation and to define methods to measure the extent of spread of the threat.
Measuring the threat and defining a set of metrics that track its evolution is an essential step; however, the parameters used must be universally recognized.
Another key to fighting the proliferation of botnets is the ability to increase the level of awareness of the threat in each sector while also providing the tools necessary to tackle the problem.
As repeatedly stressed, there is no clear line between cybercrime and cyber warfare, and botnets are a serious threat with tremendous offensive potential. A botnet can be used to attack the nerve centers of a country, and even isolated attacks on critical infrastructure can create serious problems in areas like finance, communications and transport.
That is the nature of cyber warfare: whether a foreign government or ruthless criminals are behind the attack, the risk is high and combating the threat is a high priority.
“We’re looking at what [botnets] might do to a business’s infrastructure, to personally identifiable information – identity theft, credit card fraud, et cetera – but it goes beyond that. What we’re beginning to see is about 4 million new botnet infections every month…it’s a moving target,”
What most worries the U.S. government is the high rate at which malware spreads in the private sector, and that the phenomenon is not easy to counter. It has been estimated that one in ten Americans has some kind of malicious software on their devices.
Aggravating the scenario is the rapid spread of mobile devices, which in my opinion are the most vulnerable in security terms. The impressive growth in demand for mobile devices has not been matched by awareness of the threats, and most of the time users ignore both the capabilities of a smartphone and the threats it faces.
Mobile botnets take advantage of unpatched vulnerabilities to give attackers root permissions on the compromised mobile device, enabling them to send e-mail or text messages, make phone calls, spy on users, access contacts and photos, and more.
The main problem is that botnets go undetected, which makes them really difficult to tackle. The malware they spread is self-propagating, sending its agents to other devices via e-mail or text messages.
Examples of mobile botnets are DreamDroid and TigerBot (SMS-controlled Android malware), which compromised Google devices; Zitmo (a Zeus variant), which targeted the BlackBerry platform; and CommWarrior, which affected Symbian devices.
The most recent is TigerBot, a new form of Android malware controlled via SMS messages that can record phone calls, upload the device's GPS location and reboot the phone, among other operations, while preventing the control messages from being seen by the user.
TigerBot tries to hide itself from the user by not showing any icon on the home screen and by using legitimate-sounding app names (like "System") or by copying the names of trusted vendors like Google or Adobe.
TigerBot differs from "traditional" malware in that it is controlled via SMS rather than from a command and control (C&C) server on the Internet. The polymorphism of the threats and the emergence of new variants are the most concerning issues, and this malware essentially turns the devices into "zombies".
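The traits described above (no launcher icon, an SMS receive permission that can serve as a control channel, a "System" label or a trusted-vendor name that the signing certificate does not back) can be turned into a simple triage rule for a fleet's app inventory. The following is an added example, not code from the article or from any vendor; the inventory records, signer strings and weights are constructed assumptions, and the only real identifier is the Android permission name.

```python
"""Heuristic triage of an Android app inventory for TigerBot-style traits.
Added example; records mimic fields an MDM/inventory export might carry."""
from dataclasses import dataclass

TRUSTED_VENDORS = ("google", "adobe")          # vendors the article says TigerBot imitates
SMS_PERM = "android.permission.RECEIVE_SMS"    # real Android permission name

@dataclass(frozen=True)
class InstalledApp:
    package: str
    label: str
    has_launcher_icon: bool
    permissions: frozenset
    signer: str  # organisation from the APK signing certificate (constructed)

def score(app: InstalledApp) -> tuple[int, list[str]]:
    """Weighted indicators; the deceptive-naming traits weigh more than the
    generic ones so that benign icon-less SMS-capable apps stay below threshold."""
    total, reasons = 0, []
    if not app.has_launcher_icon:
        total += 1; reasons.append("no launcher icon")
    if SMS_PERM in app.permissions:
        total += 1; reasons.append("can receive SMS (possible SMS control channel)")
    if app.label.strip().lower() == "system":
        total += 2; reasons.append("generic 'System' label")
    text = (app.label + " " + app.package).lower()
    claimed = [v for v in TRUSTED_VENDORS if v in text]
    if claimed and not any(v in app.signer.lower() for v in claimed):
        total += 2; reasons.append(f"claims vendor '{claimed[0]}' but signer is '{app.signer}'")
    return total, reasons

def triage(apps, threshold: int = 3) -> dict[str, list[str]]:
    """Map package -> reasons for every app scoring at or above threshold."""
    flagged = {}
    for app in apps:
        total, reasons = score(app)
        if total >= threshold:
            flagged[app.package] = reasons
    return flagged

# Constructed inventory: two benign apps and two TigerBot-like ones.
SAMPLE_INVENTORY = [
    InstalledApp("com.google.android.gms", "Google Play services", False, frozenset({SMS_PERM}), "Google LLC"),
    InstalledApp("com.example.messenger", "Messenger", True, frozenset({SMS_PERM}), "Example Corp"),
    InstalledApp("com.update.core", "System", False, frozenset({SMS_PERM}), "Unknown"),
    InstalledApp("com.adobe.flashupdate", "Adobe Flash Update", False, frozenset({SMS_PERM}), "Unknown"),
]

if __name__ == "__main__":
    for pkg, why in triage(SAMPLE_INVENTORY).items():
        print(pkg, "->", "; ".join(why))
```

The weights are a starting point for review, not a verdict: a flagged package should be confirmed against its signing certificate and installation source before any action.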
According to Schmidt it is necessary to act immediately; let me conclude with a meaningful affirmation that he said:
“One of the clear issues we won’t be doing anymore is to just sit back and admire the problem. We’ve done that for too long. We’ve written strategy after strategy…it’s time to move beyond the strategies and actually move into an environment where we’re executing on these strategies,”
Cross-posted from Security Affairs