Battling Botnets: Protect Against Relentless Foes


May 20
Ricardo Font, Director, Product Management, SecureNow

As IT systems become more secure, malicious actors have developed increasingly sophisticated threats – often carried out in higher volumes. Bot networks (or botnets), which leverage the lack of security controls around end users, have accelerated this risk.

Botnets are massive networks of private computers infected with malicious software, which cybercriminals control and operate. Fortunately, a centralized and integrated cybersecurity solution with real-time risk decisioning capabilities can help organizations remain steps ahead of fraudsters.

Preventing and mitigating cyberthreats begins with identifying and understanding botnets. Botnet attacks don’t compromise single devices. Instead, they can destroy entire online identities. Depending on the malicious actor, botnet attacks can be executed on a wide-ranging scale.

Your company could face several scenarios:

  • A single, opportunistic attack from a criminal acting alone
  • Groups of hackers looking to disable an alarm or alert system or install persistent malware that continuously reinstalls itself after cleaning
  • Organized crime operations gaining access to web servers to orchestrate multilevel attacks
  • Cyberespionage by nationally sponsored or state-sponsored criminal operations, which often mount very sophisticated attacks that target infrastructure

Credential stuffing is one of the most common tactics criminals use to carry out an account takeover. This form of attack, also known as credential cracking or a brute-force cyberattack, seizes control of a system or a system’s assets by impersonating legitimate accountholders.

Automated credential stuffing and cracking tools make it easy for criminals to check hundreds of thousands of credential combinations on multiple websites. Even if they are identified and shut down quickly, the sheer speed and volume of the attacks can do significant and lasting damage.

How to Protect Against Botnets

There is good news: Most financial institutions are equipped to counter malicious threats. Integrating multiple protection methods, including layering important safety measures, is the key to a successful defense.

Strong, regularly updated passwords remain an effective barrier to unwanted activity when they are actively managed. Encourage employees and accountholders to use password managers to store account usernames and passwords. Implement forced password resets annually for accountholders and more often for employees. 

Multifactor or multistep authentication requires additional proof of identity. Multifactor authentication (considered more secure) often requires something you know, such as a password, something you possess, such as an identification badge, and something you are, such as a fingerprint. True multifactor authentication uses secure channels to access a biometric app – all encrypted, no password. Multistep authentication requires two or more pieces of information, both typically in the “something you know” category. Passwords, security questions and PINs are the most common examples of that category.

Detect suspicious patterns. Humans are creatures of habit. Leverage that to identify variations on typical usage, such as a user logging in on an unfamiliar device, during an atypical time of day or with different frequency. Simply questioning suspicious activity can thwart malicious intent. Use tools that can recognize and flag geo-velocity, which is the physical impossibility of a user logging in from different countries within minutes, as another effective safeguard.
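The geo-velocity and unfamiliar-device checks described above, sketched as an added example (not code from the original article or from any vendor product). The login records are constructed, and the 900 km/h speed ceiling and 50 km minimum distance are assumed thresholds.

```python
import math
from datetime import datetime

# Constructed sample login events: (user, ISO timestamp, lat, lon, device id)
SAMPLE_LOGINS = [
    ("alice", "2024-05-20T08:00:00", 40.7128, -74.0060, "dev-a1"),  # New York
    ("alice", "2024-05-20T08:12:00", 51.5074, -0.1278, "dev-zz"),   # London, 12 min later
    ("bob",   "2024-05-20T09:00:00", 41.8781, -87.6298, "dev-b1"),  # Chicago
    ("bob",   "2024-05-20T17:30:00", 40.7128, -74.0060, "dev-b1"),  # New York, 8.5 h later
    ("alice", "2024-05-21T08:05:00", 40.7128, -74.0060, "dev-a1"),  # New York, next day
]
MAX_SPEED_KMH = 900   # assumed ceiling, roughly airliner cruising speed
MIN_DISTANCE_KM = 50  # assumed floor, so geolocation jitter is not flagged

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp = p2 - p1
    dl = math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def flag_logins(events):
    """Return (user, timestamp, reasons) for logins that break the user's pattern."""
    last, devices, alerts = {}, {}, []
    for user, ts, lat, lon, device in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        reasons = []
        if user in last:
            prev_when, prev_lat, prev_lon = last[user]
            hours = (when - prev_when).total_seconds() / 3600
            dist = haversine_km(prev_lat, prev_lon, lat, lon)
            # Zero elapsed time over a real distance is also impossible travel.
            if dist > MIN_DISTANCE_KM and (
                    hours <= 0 or dist / hours > MAX_SPEED_KMH):
                reasons.append("geo-velocity")
        if user in devices and device not in devices[user]:
            reasons.append("new-device")
        last[user] = (when, lat, lon)
        devices.setdefault(user, set()).add(device)
        if reasons:
            alerts.append((user, ts, reasons))
    return alerts
```

A flagged login is a signal for step-up authentication or review rather than proof of compromise, since VPNs and mobile carriers can shift a user's apparent location.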

Assessing risks includes taking complete inventory of your company’s assets – physical and digital – to determine the complete cost of replacement. Assign both quantitative and qualitative values to determine the probability of risk. Then, rank each risk based on a combination of its probability and potential impact. Once you understand the cost of a resolution and the likelihood of an event, you can determine the best preventative action.

Education begins by communicating regularly with staff, accountholders and stakeholders to minimize any annoyance with the inconvenience of continuously resetting passwords. Reinforce the importance of security measures, educate staff and accountholders about recent threats and provide ongoing best practices.

Staying Ahead of Fraudsters

Some of the largest and most respected companies have been victims of botnet attacks that resulted in major data breaches. Unfortunately, it takes very little investment from cybercriminals – as little as a few hundred dollars – to wreak havoc. Now more than ever, financial institutions require robust cybersecurity solutions with real-time risk decisioning capabilities to remain steps ahead of fraudsters.
