The European Network and Information Security Agency has published a report[1] on botnets. ENISA predicts the growing threat of botnets and provides three high-level objectives for engaging the botnet threat. These are:
- Mitigation of existing botnets
- Prevention of new infections
- Minimizing the profitability of botnets and cybercrime
They have also provided top recommendations aimed at specific stakeholder groups. These recommendations are targeted towards regulators, end-users, research institutions and towards the affected parties in general (ISPs, academia, law enforcement, etc.) to collaborate and contain this threat.
Amichai Shulman, CTO of Imperva comments "Interestingly, the report does not raise the fact that botnets have in fact become a business problem and businesses should start coping with the fact that they might be dealing with infected customers. "
Shulman continues "With the rate of client infection, coupled with the rapid release of new variants of Trojans, it is practically an impossible task to expect the consumer to take full responsibility for this threat. Just last week[2], Panda Labs, announced that malware has declined in February. Yet, in our labs we have witnessed malware going undetected by anti-viruses for over a week. Furthermore, different attack schemes take on a "hit-and-run" model. In these cases, the malware code is run only once on the client machine and self-destroys. This means that even if the user downloads the most updated anti-virus release, it will be too late to detect that piece of malicious code."
There are two aspects we should look at where the consumer attack becomes a business problem:
1. Infection. Hacker's main vehicle for infection is through compromised legitimate sites. These sites then host the malware while innocent visitors download the malicious code. What should concern businesses is that many times search engines flag these sites as malicious. Similarly to the real-time issue that the anti-viruses face, many of these search engine alerts are produced after a relatively long delay. But what really hurts the business is the actual "malicious site" warning tag - a certain virtual kiss of death for many businesses.
2. Infected Clients. There is a vast amount of infected clients which perform transactions with the business. The threat to consumers is constantly growing and is past the point where we can expect most of our consumers to avoid infection. While providers should urge consumers to be prudent, they must learn how to interact with infected consumers and create a safe environment for them regardless of the general threat.
Shulman concludes "Given the above points, we must say that we have reached the point where botnets have become a business problem."
Amichai Shulman, Imperva's CTO discussed last week this business problem. You can view this recording: Botnets and Client Malware Shake IT Departments[3].
[1] http://www.enisa.europa.eu/...
[2] http://blog.imperva.com/...
[3] https://www.imperva.com/...
For further information on Imperva: www.imperva.com
- Mitigation of existing botnets
- Prevention of new infections
- Minimizing the profitability of botnets and cybercrime
They have also provided top recommendations aimed at specific stakeholder groups. These recommendations are targeted towards regulators, end-users, research institutions and towards the affected parties in general (ISPs, academia, law enforcement, etc.) to collaborate and contain this threat.
Amichai Shulman, CTO of Imperva comments "Interestingly, the report does not raise the fact that botnets have in fact become a business problem and businesses should start coping with the fact that they might be dealing with infected customers. "
Shulman continues "With the rate of client infection, coupled with the rapid release of new variants of Trojans, it is practically an impossible task to expect the consumer to take full responsibility for this threat. Just last week[2], Panda Labs, announced that malware has declined in February. Yet, in our labs we have witnessed malware going undetected by anti-viruses for over a week. Furthermore, different attack schemes take on a "hit-and-run" model. In these cases, the malware code is run only once on the client machine and self-destroys. This means that even if the user downloads the most updated anti-virus release, it will be too late to detect that piece of malicious code."
There are two aspects we should look at where the consumer attack becomes a business problem:
1. Infection. Hacker's main vehicle for infection is through compromised legitimate sites. These sites then host the malware while innocent visitors download the malicious code. What should concern businesses is that many times search engines flag these sites as malicious. Similarly to the real-time issue that the anti-viruses face, many of these search engine alerts are produced after a relatively long delay. But what really hurts the business is the actual "malicious site" warning tag - a certain virtual kiss of death for many businesses.
2. Infected Clients. There is a vast amount of infected clients which perform transactions with the business. The threat to consumers is constantly growing and is past the point where we can expect most of our consumers to avoid infection. While providers should urge consumers to be prudent, they must learn how to interact with infected consumers and create a safe environment for them regardless of the general threat.
Shulman concludes "Given the above points, we must say that we have reached the point where botnets have become a business problem."
Amichai Shulman, Imperva's CTO discussed last week this business problem. You can view this recording: Botnets and Client Malware Shake IT Departments[3].
[1] http://www.enisa.europa.eu/...
[2] http://blog.imperva.com/...
[3] https://www.imperva.com/...
For further information on Imperva: www.imperva.com
