Can The Criminal Justice System Thwart Botnet-Driven DDoS Attacks?
In mid-May three senators on Capitol Hill introduced a bill that aims to give law enforcement and the courts more teeth when it comes to going after cybercriminals. Senators Lindsey Graham, R-S.C., Sheldon Whitehouse, D-R.I., and Richard Blumenthal, D-Conn., filed legislation to give expanded authority to combat a broader array of botnets, also known as “zombie armies.” According to a recent article in CIODive,
“Currently the Department of Justice can only pursue botnets involved in fraud or illegal wiretapping. The agency can’t, however, go after botnets involved in destruction of data or DDoS attacks. The proposed legislation could change that, and would also make the act of selling or providing access to botnets a criminal offense.”
It’s a nice idea, and one hopes that it will help, but how likely is it that law enforcement agents will catch the bad guys who run botnets? Not very likely. Botnet attacks are notoriously difficult to spot. They are launched and then disappear without leaving enough information for victims to trace their origins—effectively acting like a giant anonymous cloud computer. Once deployed, they utilize sophisticated techniques to hide their tracks. Their command and control infrastructure can be automated or set on autopilot, they can sleep for long periods of time, and they can have ubiquitous bandwidth available at any time of day by waking up different regions at different times. They are a complex and vast maze, often operated by some of the brightest minds in cybercrime.
Botnets are increasingly popular as a method of launching spam, malware, or distributed denial of service (DDoS) attacks. DDoS-for-hire botnets are now estimated to be behind as many as 40% of all network layer attacks. Not only are they easy to launch, they are inexpensive; a quick Google search and a PayPal account make botnets readily available for less than $50, with no coding experience necessary.
Impacts of Botnet-Driven Attacks
Why is this important, you may ask? Botnets harness enormous power because they can be deployed on thousands—if not millions—of Internet-connected devices. With so many devices now connected via the Internet of Things (IoT), each one is a potential bot in a zombie army. The more Internet-connected devices there are—from baby video monitors to security cameras to connected appliances and thermostats—the greater the potential for extremely large botnets.
Most concerning, on the DDoS front, there now is really no limit to the potential scale and size of botnet-driven DDoS attacks. Terabit-class attacks may be increasingly common, and ‘breaking the Internet’—or at least clogging it in certain regions—could soon become a reality. The bottom line is that attacks of this size can take virtually any company offline, and are a reality that anyone with an online presence must be prepared to defend against.
How to Defend Against Botnet-Driven DDoS Attacks
It’s difficult to protect Internet-connected devices, especially residential systems, from being recruited into a botnet, because the average user of such devices, whether in a smart home, smart appliance, smart car or smart office, does not typically pay close attention to software updates or critical patching schedules.
Although we can’t protect all of the devices that comprise the Internet of Things, that’s no reason for organizations to resign themselves to eventually getting attacked. They can defend themselves with an automatic, always-on, in-line DDoS mitigation appliance that monitors all traffic in real time, detects threats and stops them from entering the network. Such a system blocks the flood of attack traffic at the Internet edge, prevents service outages and allows security personnel to focus on uncovering any subsequent malicious activity, such as Advanced Persistent Threat (APT) activity and associated vulnerability exploit attempts and data breaches. It is only by deploying these real-time solutions that IT teams will be able to identify and mitigate botnet-driven DDoS attacks on their networks.
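As an added illustration of the kind of real-time classification such an appliance performs (example code written for this page, not any vendor's product), the following one-second window classifier runs over constructed flow records and separates the botnet signature (many sources, each at a modest rate, adding up to a flood) from a single noisy client that a per-source rate limit would already catch. The IP addresses, thresholds and flow records are all constructed for the example.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic): (second, src_ip, dst_ip, packets)
SAMPLE_FLOWS = [
    # second 0: normal traffic, a handful of clients at modest rates
    (0, "198.51.100.10", "203.0.113.5", 40),
    (0, "198.51.100.11", "203.0.113.5", 55),
    (0, "198.51.100.12", "203.0.113.5", 30),
    # second 1: 200 distinct "bots", each sending a low, innocuous-looking rate
] + [(1, f"192.0.2.{i}", "203.0.113.5", 25) for i in range(1, 201)] + [
    # second 2: one noisy client, not a botnet
    (2, "198.51.100.99", "203.0.113.5", 4000),
]

PPS_THRESHOLD = 2000      # aggregate packets/second per target before we care
MIN_SOURCES = 50          # distinct sources that make a flood "distributed"
SINGLE_SOURCE_PPS = 1000  # per-source rate that is abusive on its own


def classify_windows(flows, pps_threshold=PPS_THRESHOLD,
                     min_sources=MIN_SOURCES, single_source_pps=SINGLE_SOURCE_PPS):
    """Return {(second, dst): verdict} for each one-second window.

    Verdicts: "normal", "single-source flood" or "distributed flood".
    The distributed case is the botnet signature: the aggregate rate is high
    while every individual source stays under the per-source limit, so
    per-IP rate limiting alone would never trigger.
    """
    per_window = defaultdict(lambda: defaultdict(int))  # (sec, dst) -> src -> pkts
    for second, src, dst, packets in flows:
        per_window[(second, dst)][src] += packets

    verdicts = {}
    for key, by_src in per_window.items():
        total = sum(by_src.values())
        heaviest = max(by_src.values())
        if heaviest >= single_source_pps:
            verdicts[key] = "single-source flood"
        elif total >= pps_threshold and len(by_src) >= min_sources:
            verdicts[key] = "distributed flood"
        else:
            verdicts[key] = "normal"
    return verdicts


if __name__ == "__main__":
    for (second, dst), verdict in sorted(classify_windows(SAMPLE_FLOWS).items()):
        print(f"t={second}s target={dst}: {verdict}")
```

A production appliance would apply the same idea per protocol and per port with thresholds learned from the target's baseline rather than fixed constants.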
In an ideal world, the justice system would catch all cybercriminals; in the meantime, we recommend that organizations defend their networks with technology solutions rather than waiting for the long arm of the law to catch up with criminals.