Warning! Believe it or not, your business may be vulnerable to a zombie siege! These aren’t the shambling movie monsters of a George Romero flick, but rather a high-tech network of infected computers angling to make money off of your website.
Romero once said, “A zombie film is not fun without a bunch of stupid people running around and observing how they fail to handle the situation.” In the case of cybersecurity, victims are businesses who fail to put up an adequate web application security defense, and it’s no laughing matter.
Recruitment, Motivation and Aggression
Building a botnet army is no different than building a zombie army; it all depends on infection. Hackers build their botnet by infecting personal computers with malware, typically hidden in spam email attachments, bogus links and fraudulent downloads. The malware then spreads further, either by sending spam from the victim’s own email account to their contacts or by moving on to other devices on the same home or office network.
Once a computer is infected (often without detection), it can be used to carry out the commands of its operator, relayed through a command-and-control server; this is why infected computers are called ‘zombies’ or ‘bots’ (older writing also calls them ‘slaves’).
But why limit yourself to home computers? Cybercriminals also rent or compromise virtual machines on public cloud services, like Amazon’s AWS and Google Cloud, and add them to their botnets. Defenders cannot simply block these providers’ address ranges, because doing so would also block the many legitimate applications hosted there, such as Netflix, AirBnB, SnapChat, Costco and countless others.
Zombie networks (botnets) were, and still are, used to bring down websites through “distributed denial of service” (DDoS) attacks. More recently, botnets have gotten smarter and are wreaking havoc on web applications through the site’s own user interface: its login screen, its search mechanism, its new-customer registration page, and so on. Why use a botnet? Because these single-user, repetitive tasks (trying a stolen username and password, creating an account, running a search) can be scaled to millions of “users” and exploit the website at very large scale.
Additionally, attackers can use their zombie army to launch an application-layer DDoS attack, which floods a website with resource-intensive requests, like fare searches or credit card validation, until the server is overloaded and the site stops responding, blocking legitimate visitors from using or viewing it.
There can be a number of motivations for launching a DDoS attack, ranging from cyber extortion and ransom to cyber protests. Some hacker collectives launch these attacks just to get a laugh at your expense.
A favorite tool in the hacktivist arsenal, DDoS attacks have gotten widespread media attention following attacks on PayPal and MasterCard in 2010 as part of a digital protest by the hacker group Anonymous on behalf of WikiLeaks founder Julian Assange.
Even more surprising was the DDoS attack launched on the CIA in 2011, which knocked the intelligence agency’s public website offline for almost a full day. Responsibility was claimed by LulzSec, who said they did it “just for the lulz.”
While these are examples of “network-level” DDoS attacks, which overwhelm a site with sheer traffic volume, cybercriminals are increasingly using botnets to conduct “application-level” DDoS attacks that need far less bandwidth, because every request forces the server to do expensive work. If our top businesses and government agencies can be taken offline, what hope is there for your organization?
There are two types of botnet attack prevention you should be aware of. The first is personal: how to prevent your own computer from being recruited; and the second is primarily important for organizations: how to prevent a DDoS onslaught.
How to Prevent Your Own Computer from Being Recruited: As mentioned before, good computers turn bad when users carelessly open attachments, click on links or downloads in spam emails, or visit phony social media accounts and sketchy websites. So, unsurprisingly, the best way to prevent zombification is to avoid these as best you can, and to keep your operating system, browser and anti-malware software up to date so that the malware has fewer holes to exploit. Of course, no one is perfect, and computers are often snagged by extra-crafty cybercriminals.
Symptoms of infection include excessive pop-ups (even when browsers are closed), sluggish performance and spam emails appearing in your sent folder. You can cut the attacker’s ties to your computer by removing the malware hidden on your device; if a scan cannot confirm the machine is clean, reinstalling the operating system is the reliable way to be sure.
How to Prevent a DDoS Onslaught: Botnet attack prevention is more complicated when it comes to protecting a large organization. Without getting too technical, it relies on three steps: detection (noticing the abnormal traffic), classification (deciding whether it is automated and malicious) and response (blocking, throttling or challenging it).
One example is application front-end hardware, such as a reverse proxy or web application firewall, that inspects requests before they reach the server, filtering out dangerous requests and letting legitimate users through. Another technique identifies automated traffic that’s malicious and reroutes it into a “black hole,” a route or non-existent server that simply drops it, where the botnet can do no damage. Black-holing is a blunt control: if it is keyed on the attacked address rather than the attacker’s, it drops legitimate traffic too, so it is usually a last resort.
Additionally, some cyber defense companies specialize in modeling the behavior of attackers and automated tooling (request timing, navigation patterns, how a client handles JavaScript and cookies) so that it can be told apart from genuine customer requests, boosting your cybersecurity without inconveniencing your customers.
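To make the detection, classification and response steps concrete, and to show what the login-screen and fare-search abuse described earlier looks like in a server log, here is a small worked example. It is added for this article and is not code from the original post or from any vendor; the log format, endpoint paths, thresholds and sample traffic are all constructed assumptions chosen for illustration. It profiles each client address, labels the behaviour (credential stuffing against the login page, an application-layer flood of expensive search requests, a merely suspicious login pattern, or ordinary browsing) and picks a matching response.

```python
"""Toy detection -> classification -> response pipeline for bot traffic.

Added example, not from the original article. Log format, endpoint paths,
thresholds and the sample traffic below are assumptions for illustration.
"""
from dataclasses import dataclass

# Constructed sample access log (not real traffic), one request per line:
# "<epoch seconds> <client IP> <method> <path> <HTTP status>"
SAMPLE_LOG = """\
1700000000 203.0.113.10 POST /login 401
1700000000 203.0.113.10 POST /login 401
1700000001 203.0.113.10 POST /login 401
1700000001 203.0.113.10 POST /login 401
1700000002 203.0.113.10 POST /login 200
1700000002 203.0.113.10 POST /login 401
1700000003 203.0.113.10 POST /login 401
1700000000 198.51.100.7 GET /search/fares?from=SFO&to=JFK 200
1700000000 198.51.100.7 GET /search/fares?from=SFO&to=LAX 200
1700000000 198.51.100.7 GET /search/fares?from=SFO&to=ORD 200
1700000001 198.51.100.7 GET /search/fares?from=SFO&to=BOS 200
1700000001 198.51.100.7 GET /search/fares?from=SFO&to=SEA 200
1700000001 198.51.100.7 GET /search/fares?from=SFO&to=DEN 200
1700000000 192.0.2.44 GET / 200
1700000005 192.0.2.44 GET /search/fares?from=SFO&to=JFK 200
1700000020 192.0.2.44 POST /login 401
1700000031 192.0.2.44 POST /login 200
1700000040 192.0.2.44 GET /account 200
1700000000 203.0.113.99 POST /login 401
1700000025 203.0.113.99 POST /login 401
1700000050 203.0.113.99 POST /login 401
"""

# Endpoints whose cost is dominated by back-end work (assumed paths).
EXPENSIVE_PREFIXES = ("/search/fares", "/checkout/validate-card")
LOGIN_PATH = "/login"

# Illustrative thresholds; a real deployment tunes these against baselines.
STUFFING_MIN_ATTEMPTS = 6      # login POSTs seen from one client
STUFFING_MIN_FAIL_RATIO = 0.8  # share of those attempts that failed
CHALLENGE_MIN_FAILURES = 3     # below stuffing volume, but still suspicious
FLOOD_MIN_REQUESTS = 5         # expensive requests before the rate rule applies
FLOOD_MIN_RATE = 2.0           # expensive requests per second


@dataclass
class Profile:
    first_ts: int
    last_ts: int
    login_attempts: int = 0
    login_failures: int = 0
    expensive: int = 0

    @property
    def span(self) -> int:
        """Observation window in seconds, floored at 1 to avoid dividing by 0."""
        return max(1, self.last_ts - self.first_ts)


def parse_log(text: str):
    """Yield (ts, ip, method, path, status), skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, ip, method, path, status = parts
        try:
            yield int(ts), ip, method, path, int(status)
        except ValueError:
            continue


def build_profiles(text: str) -> dict:
    """Detection step: aggregate per-client counters from the raw log."""
    profiles = {}
    for ts, ip, method, path, status in parse_log(text):
        p = profiles.get(ip)
        if p is None:
            p = profiles[ip] = Profile(first_ts=ts, last_ts=ts)
        p.first_ts, p.last_ts = min(p.first_ts, ts), max(p.last_ts, ts)
        bare_path = path.split("?", 1)[0]  # ignore the query string
        if method == "POST" and bare_path == LOGIN_PATH:
            p.login_attempts += 1
            if status in (401, 403):
                p.login_failures += 1
        if bare_path.startswith(EXPENSIVE_PREFIXES):
            p.expensive += 1
    return profiles


def classify(p: Profile):
    """Classification step: label the behaviour and choose a response."""
    fail_ratio = p.login_failures / p.login_attempts if p.login_attempts else 0.0
    if p.login_attempts >= STUFFING_MIN_ATTEMPTS and fail_ratio >= STUFFING_MIN_FAIL_RATIO:
        return "credential_stuffing", "block"
    if p.expensive >= FLOOD_MIN_REQUESTS and p.expensive / p.span >= FLOOD_MIN_RATE:
        return "application_ddos", "rate_limit"
    if p.login_failures >= CHALLENGE_MIN_FAILURES:
        return "suspicious_login", "challenge"
    return "legitimate", "allow"


def analyze(text: str) -> dict:
    """Run the pipeline over a log; result is keyed by client IP."""
    return {ip: classify(p) for ip, p in build_profiles(text).items()}


if __name__ == "__main__":
    for ip, (label, response) in sorted(analyze(SAMPLE_LOG).items()):
        print(f"{ip:15} {label:20} -> {response}")
```

Run as a script, it labels 203.0.113.10 as credential stuffing (block), 198.51.100.7 as an application-layer flood (rate limit), 203.0.113.99 as a suspicious login pattern (challenge) and 192.0.2.44 as a legitimate visitor (allow). The point of the graded responses is the one the article makes: a CAPTCHA or step-up challenge costs a real customer a few seconds, while an outright block costs a mistaken one the whole visit. Keying on the source IP alone is also the example's main weakness, since a botnet spreads its requests across thousands of addresses and cloud instances precisely to stay under per-IP thresholds; production systems aggregate the same counters by target account, session and device fingerprint as well.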
Banish the Botnet
Romero once said his zombie stories “are about humans and how they react, or fail to react, or react stupidly.” Hopefully these tips have better prepared you to react intelligently to the threat of zombies and DDoS attacks. Get smart, not infected.