US Federal Agencies Report on the Future of Botnets

Botnet Road Map Blog

In late July, the U.S. Departments of Commerce and Homeland Security published a report titled “Botnet Road Map Status Update,” based on two research reports that the Department of Homeland Security (DHS) commissioned on botnet attacks: Technical Options and Approaches for Implementing Botnet Recommendations, and Targeting Trends for Botnet Growth. This latest report is a follow-up to the Botnet Report that the government published in May 2018. The government agencies acknowledge that solving the botnet problem requires ongoing, multi-faceted, multi-stakeholder “efforts by government, civil society, technologists, academics, and industry sectors to enhance the resilience of the Internet against botnets.”

It’s definitely worth reading this report if you want to know what the U.S. government is doing to support cybersecurity defenses against botnets. It’s 24 pages long and chock-full of information about the challenges ahead and the progress thus far. In terms of what organizations need to know that’s new, or upcoming, in the botnet landscape, here are six key points to note:

  1. Malicious actors are looking for new ways to leverage botnets, beyond spam email campaigns and Distributed Denial of Service (DDoS) attacks.
  2. Social media botnets are likely to see continued use and development, both as a means of making money and as a way to influence the opinions and politics of these communities.
  3. Botnets will utilize new types of connected devices; i.e., more types of consumer IoT products (such as mobile/wearable devices), and other classes of IoT devices (such as industrial sensors). As stated in the report, “One might imagine that more connected devices would mean botnets growing ever larger, but this does not appear to be the case. In fact, there appears to be multiple factors that limit the size of modern botnets, including available targets, competition from other botnets, and the desire to avoid triggering coordinated responses by defenders.”
  4. Botnet makers are competing against each other for the control of IoT devices, even though their numbers continue to grow at a considerable rate. According to this report, “…botnets have been seen removing competing bots and even patching systems once they have installed their own malware to prevent other botnets from gaining access.”
  5. Botnet size is becoming less important; botnets are growing more sophisticated, and are thereby able to inflict damage even when they are not especially large. The report states: “Botnets will get more sophisticated to sidestep efforts to disrupt them, with likely development of new ways to evade detection, get control of target systems and increased resilience.”
  6. There will likely be an increase in nation-state sponsored attacks. The report says, “This state sponsorship of botnet development will result in new innovations, but those innovations will almost inevitably end up captured, dissected, and re-purposed by criminal enterprises.”

The report is not merely a summary of the problems; it refers to tasks that were identified in the May 2018 Road Map, in the following five categories: 1) Internet of Things (IoT); 2) Enterprise; 3) Internet Infrastructure; 4) Technology Development and Transition; and 5) Awareness and Education. Among the many topics covered is the need for international consensus and collaboration regarding the appropriate level of security needed for various IoT devices. In addition, this progress report touches on the National Institute of Standards and Technology (NIST) SP 800-189, Resilient Interdomain Traffic Exchange: BGP Security and DDoS Mitigation, as well as the Mutually Agreed Norms for Routing Security (MANRS) initiative.

One thing seems certain: although botnets are not necessarily growing in size, they are becoming more sophisticated. The threat of botnet-fueled DDoS attacks is growing, and that means organizations increasingly need automated, real-time DDoS mitigation to successfully defend against such attacks.

For over a decade, Corero has been providing state-of-the-art, highly effective, real-time automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments. If you’d like to learn more, please contact us.

Sean Newman is VP Product Management, responsible for Corero’s product strategy. Sean brings over 25 years of experience in the security and networking industry to guide Corero’s growing leadership in the real-time DDoS protection market. Prior to joining Corero, Sean was network security Global Product Manager for Cisco, which he joined as part of its acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Before that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.