Tragedy in numbers: botnets, groups of compromised systems working together, can cause all kinds of problems for your organization, including DDoS attacks, brute force attacks, and huge amounts of spam. Even worse, botnet activity is on the rise.
Ideally, these botnets will be stopped before they can cause damage, but typically botnets are handled by law enforcement, which doesn’t step in until damage has already been done. Law enforcement agencies shut down command servers and make arrests, but by then you’ve already been compromised. There’s nothing wrong with arrests being made after the fact, but organizations need to stop these attacks quickly and protect themselves against this growing threat.
Preventing botnet attacks
Don’t become the problem.
To get multiple systems working together, cybercriminals infect machines with Trojan viruses that get past security, and then put all of the infected machines to work together. Using strong anti-virus software will help you prevent your computers from becoming part of a botnet. Avoid being part of the problem; if everyone did, botnets could not exist.
Keep your systems patched. Patches add updates and fix bugs that could cause you problems. Understand the vulnerabilities in your systems and ensure you have a process to patch anything necessary and check for new patches regularly.
Keep an eye on your network for suspicious activity. Watch for computers that start operating slowly or erratically, notifications that you have been sending spam, and email messages in outboxes that you did not send.
Educate employees about the warning signs of botnet activity, and encourage them to report any suspicious behavior right away.
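One way to watch for the spam-sending warning sign described above, as an added example that is not part of the original article: flag internal hosts that open SMTP connections directly to many external mail servers instead of going through the organization's mail relay. The connection-log format, the address ranges, the relay address and the alert threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions (not from the article): internal range, sanctioned mail relay,
# and a simple "time src dst dport" connection-log format.
INTERNAL = ip_network("10.0.0.0/8")
MAIL_RELAYS = {ip_address("10.0.0.25")}
SMTP_PORTS = {25, 465, 587}
MAX_DISTINCT_MX = 3  # distinct external mail servers per host before alerting

# Constructed sample log lines, for illustration only.
SAMPLE_LOG = """\
2024-05-01T09:00:01 10.0.0.25 203.0.113.10 25
2024-05-01T09:00:02 10.0.1.14 198.51.100.7 443
2024-05-01T09:00:03 10.0.1.77 203.0.113.10 25
2024-05-01T09:00:03 10.0.1.77 203.0.113.11 25
2024-05-01T09:00:04 10.0.1.77 198.51.100.20 25
2024-05-01T09:00:04 10.0.1.77 198.51.100.21 25
2024-05-01T09:00:05 10.0.1.14 203.0.113.10 587
garbage line that should be skipped
"""

def parse(line):
    """Return (src, dst, port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return ip_address(parts[1]), ip_address(parts[2]), int(parts[3])
    except ValueError:
        return None

def suspicious_senders(log_text, threshold=MAX_DISTINCT_MX):
    """Map each flagged internal host to the external SMTP servers it contacted."""
    contacted = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src, dst, port = rec
        if (src in INTERNAL and src not in MAIL_RELAYS
                and dst not in INTERNAL and port in SMTP_PORTS):
            contacted[src].add(dst)
    return {str(h): sorted(map(str, d)) for h, d in contacted.items()
            if len(d) > threshold}

if __name__ == "__main__":
    for host, servers in suspicious_senders(SAMPLE_LOG).items():
        print(f"ALERT {host} sent SMTP directly to {len(servers)} external servers")
```

Counting distinct destinations rather than raw connections keeps a workstation that talks to a single external mail provider from being flagged, while a host spraying mail at many servers stands out.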
Responding to botnet attacks
If you are unable to prevent becoming part of a botnet system, you need to act quickly to keep damage to a minimum.
- Gather any evidence you can for legal action.
- Investigate how far your system was compromised.
- Share information about the attempt or attack with security organizations.
- Repair and restore your systems.
- Improve your firewalls and patching process (consider automatic patches).
- Communicate with any partners or customers who may have been affected.
Falling victim to a botnet attack can mean the loss of intellectual property, damage to your reputation, or becoming an unwitting participant in fraud. While systems are in place to capture cybercriminals and shut down botnets, these actions happen after the fact and do not prevent damage to your organization. A focus on understanding and prevention will help prevent or minimize the damage done by botnets.