One of the world's biggest botnets has been taken down, cracking open a global platform that infiltrated more than half of the Fortune 1000 companies, according to the Associated Press. The take down came as authorities in Spain arrested three of the ringleaders of the the botnet, dubbed Mariposa. The suspects haven't been …
Managed Security Providers
As I wrote in a recent posting, even for large intranet operators it is too difficult to properly protect their network.
Many firewall admins are actually belonging to the biological species called "Bradypus variegatus". They manage to wear T-shirts and old jeans, but you can spot them from their long beard and bad smell.
It is time to get real pros monitoring the firewall and other critical points in an intranet. Bruce Schneier made a lot of money with Managed Security Services and for good reason. It does not make economic sense to replicate these highly specialised skills in thousands of instances, when the best expertise should be concentrated at one point. Also, the knowledge gained by monitoring breakin and exfiltration attempts should definitely be collected at a central point.
Managed Security Providers
The snag with Managed Security Providers is that you cannot trust them. In the event that they miss something that causes real damage to a client's systems and business, the Managed Security Provider's lawyers are going to tell their technical staff to withhold any information that might place liability on themselves.
I agree everyone should be sharing relevant information though.
One of the big problems I have seen is that senior management don't like security - it loses money without any apparent business gain (as they see it). They just like to see the box ticked but don't like to expend resources in this area, until the day there is a problem. Then follows a month of panic and blame, followed by a return to the status quo.
It's not so easy.
Type your comment here — plain text only, no HTML
Firewall management isn't really the solution seeing as HTTP seems to be the communication route taken by bots. Unless you have trained your staff to specifically track encoded traffic of a size unknown, either incoming or/and outgoing. For eg, as far as I know Zeus/Zbot uses RC4 but I could be wrong. Also I think, most bots will be scantime and runtime crypted against AV detection, ie physically undectable and memorially undetectable.
This is why botnets grow to such a size, and infect systems where more than average protection and security is employed. The spread of conficker only confirms that. Corporations spend more on system security than your average Joe, this being that they probably have more resources to protect, which makes them all the more attractive to bot herders, they also have more resources to exploit.
Perhaps it's time to look at the quality of protection these companies are employing, not the quantity.
Most companies cant protect their network properly because some over confident phb who doesnt actually know anything ignores the firewall admin whos telling everyone why something shouldn't be done, because he has is wearing a teeshirt and old jeans.
Attitudes like yours are not professional and wearing a suit and grooming yourself for management presentations doesnt make you any more skilled at the actual job, they are hower snobbish and you can outsource to the cloud, at which point your probably going to get p0wned because some crappy offshored SAAS hasn't got any better security than the one your replacing it with and you probably share that "security" appliance as a vm on a machine running about 40 different "security" instances, maybe some carders, who knows. The point is you wont.
Good security begins at home and you can only trust what you explicitly allow to happen on your own kit.
Ever the defensive game..
Protecting against attack is always the defensive game. You have to win every time, they only have to win once.
It's a great truism that the best form of defense is attack; however, in this arena, it needs specialist knowledge, and strong interfaces to the active part of law enforcement to actually mount an offensive.
The average corporate/organisation doesn't have the time, or the contacts to do this effectively, so we need a group, such as the ones investigating and co-ordinating the investigation and bust in the article to act as the 'digital army' protecting us from the electronic barbarian hordes. Every corporation is the equivalent of a villiage with wooden pallisades and a local militia (at best). We need a more highly trained, specialised and funded group to protect the greater scope.
"This is why botnets grow to such a size, and infect systems where more than average protection and security is employed. The spread of conficker only confirms that. Corporations spend more on system security than your average Joe"
I have to disagree, the patch which prevents the flaw which is exploited by conficker was released in October 2008. Why are we still seeing corporations getting infected? Swift patch management is a large part of the solution.
How many corporattions I wonder are still using a dangerously obsolete version of Acrobat?
"Corporations spend more on system security than your average Joe"
And people from Essex spend more on car numberplates than your average Joe. That doesn't make them more sophisticated, either.
a botnet called "butterfly". Isn't that pretty?
@matthew 13,@norman andrews
Both exhibit poor reading skills, 1st, my reference to conficker was about it's spread, not whether or not patch management works. The point about average joe is about quality, but thanks for pointing out sophistication. Rarely are those two terms mentioned in the same breath as either Essex or number plates. I commend you on your wit sir.
It's time to get serious about punishment
If these botnet operators get any jail time at all in our enlightened society, it will likely be about 3 years. Let's try something serious: 1 day for each computer infected. Quite reasonable, and will tuck them away for over 30,000 years.
I think the bigger point is
They got caught. Unless botnet creators operate from countries where law enforcement is lax, or where they have ties to the government, they still have a high chance of getting caught.
I count that as good news.
whose internet names and ages ...
I have several internet names, one of which you see here, but I had never thought of having internet *ages* too!
- Fee fie Firefox: Mozilla's lawyers probe Dell over browser install charge
- Did Apple's iOS make you physically SICK? Try swallowing version 7.1
- Pics Indestructible Death Stars blow up planets using glowing KILL RAY
- Neil Young touts MP3 player that's no Piece of Crap
- Review Distro diaspora: Four flavours of Ubuntu unpacked