!!!!!!!!!!!!!!!!!!!!!!!!!!!"!#$%%!&'!"(&)'*!!!!!!"#$%!&'(!)*+',+%!!

Similar documents
Panda Security 2010 Page 1

Botnets: major players in the shadows. Author Sébastien GOUTAL Chief Science Officer

A custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

Security for SIP-based VoIP Communications Solutions

Service Provider View of Cyber Security. July 2017

ddos-guard.net Protecting your business DDoS-GUARD: Distributed protection against distributed attacks

DDoS MITIGATION BEST PRACTICES

RESELLER LOGO RADICALLY BETTER. DDoS PROTECTION. Radically more effective, radically more affordable solutions for small and medium enterprises

ERT Threat Alert New Risks Revealed by Mirai Botnet November 2, 2016

HOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK

THE COMPLETE FIELD GUIDE TO THE WAN

BUILDING A NEXT-GENERATION FIREWALL

Customer Agreements, Policies & Service Disclosures for PINE TELEPHONE COMPANY

DDoS: Evolving Threats, Solutions FEATURING: Carlos Morales of Arbor Networks Offers New Strategies INTERVIEW TRANSCRIPT

Security Gap Analysis: Aggregrated Results

TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

How DDoS Mitigation is about Corporate Social Responsibility

Large-Scale Internet Crimes Global Reach, Vast Numbers, and Anonymity

Kaspersky Security Network

BRING SPEAR PHISHING PROTECTION TO THE MASSES

IBM Cloud Internet Services: Optimizing security to protect your web applications

The Interactive Guide to Protecting Your Election Website

Future and Emerging Threats in ICT

CDW LLC 200 North Milwaukee Avenue, Vernon Hills, IL

Customer Agreements, Policies & Service Disclosures for PINE CELLULAR COMPANY

Chapter 6 Network and Internet Security and Privacy

Supercharge Your SIEM: How Domain Intelligence Enhances Situational Awareness

SaaS Flyer for Trend Micro

Technical Brochure F-SECURE THREAT SHIELD

Introduction to

DEFENCE IN DEPTH HOW ANTIVIRUS, TRADITIONAL FIREWALLS, AND DNS FIREWALLS WORK TOGETHER

Enterprise D/DoS Mitigation Solution offering

Allot Corporate Presentation

THE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE

Securing the SMB Cloud Generation

Arbor White Paper Keeping the Lights On

Understanding Managed Services

Symantec Secure One Services Program Brief

Cyber Security and Cyber Fraud

Imperva Incapsula Survey: What DDoS Attacks Really Cost Businesses

Radware: Anatomy of an IoT Botnet and Economics of Defense

Cyber Security in Smart Commercial Buildings 2017 to 2021

Integrated Access Management Solutions. Access Televentures

Security Awareness. Presented by OSU Institute of Technology

DNS SECURITY BENEFITS OF OUTSOURCING YOUR DNS TO AN IP ANYCAST+ PROVIDER

Combating Cyber Risk in the Supply Chain

Challenges in Developing National Cyber Security Policy Frameworks

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

A Review Paper on Network Security Attacks and Defences

Vincent van Kooten, EMEA North Fraud & Risk Intelligence Specialist RSA, The Security Division of EMC

SPAM Malware s Super Highway. How To Protect Yourself Against Malicious s 1

MOBILE DEFEND. Powering Robust Mobile Security Solutions

Preparing your network for the next wave of innovation

DoS Cyber Attack on a Government Agency in Europe- April 2012 Constantly Changing Attack Vectors

Modern two-factor authentication: Easy. Affordable. Secure.

2 nd ARF Seminar on Cyber Terrorism PAKISTAN S PERSPECTIVE AND EXPERIENCE WITH REFERENCE TO CERT IN COMBATING CYBER TERRORISM

A Top US Bank Trusts Neustar SiteProtect for Reliable DDoS Protection Depth

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape

Project 2020: Preparing Your Organization for Future Threats Today

WHITE PAPER Hybrid Approach to DDoS Mitigation

Security: 3 key areas to lock down now. Ebook

PeerApp Case Study. November University of California, Santa Barbara, Boosts Internet Video Quality and Reduces Bandwidth Costs

Cyber Crime Update. Mark Brett Programme Director February 2016

AKAMAI CLOUD SECURITY SOLUTIONS

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015

About Lavasoft. Contact. Key Facts:

WHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale

escan Security Network From MicroWorld Technologies Anti-Virus & Content Security

Broadband Internet Access Disclosure

The Cyber Savvy CEO Getting to grips with today s growing cyber-threats

Mitigating Outgoing Spam, DoS/DDoS Attacks and Other Security Threats

Kaspersky Small Office Security 5. Product presentation

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

Trend Micro Deep Discovery for Education. Identify and mitigate APTs and other security issues before they corrupt databases or steal sensitive data

M2M in the Real World: Security Best Practices and Lessons Learned

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak

The Cost of Denial-of-Services Attacks

IPv6 Deployment Overview & Policy Update

A GUIDE TO CYBERSECURITY METRICS YOUR VENDORS (AND YOU) SHOULD BE WATCHING

Why Real Testing Requires Emulation, Not Just Simulation for Layer 4-7

Securing Your Business Against the Diversifying Targeted Attacks Leonard Sim

Chapter 10: Security and Ethical Challenges of E-Business

Smart Service Packs. Providing customer recruitment, retention & new revenue streams. 1 Smart Service Packs

Protecting the Home Front

DDoS Protector. Simon Yu Senior Security Consultant. Block Denial of Service attacks within seconds CISSP-ISSAP, MBCS, CEH

Vendor: Cisco. Exam Code: Exam Name: Cisco Sales Expert. Version: Demo

ITU WSIS THEMATIC MEETING ON CYBERSECURITY, GENEVA, SWITZERLAND, 28 JUNE -1 JULY PAPER ON THE STATE OF CYBERSECURITY IN UGANDA.

HKISPA Response to the Consultation Paper on the Proposals to Contain the Problem of Unsolicited Electronic Messages.

The Scenes of Cyber Crime

Stochastic Blockmodels as an unsupervised approach to detect botnet infected clusters in networked data

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

Multi-vector DDOS Attacks

The SD-WAN security guide

The emerging battle between Cyber Defense and Cybercrime: How Technology is changing to keep Company and HR data safe

The Challenge of Spam An Internet Society Public Policy Briefing

Is the Best Defense a Good Offense? Christopher T. Pierson, CIPP/US, CIPP/G James T. Shreve, CIPP/US, CIPP/IT

AN ANALYSIS OF CYBER CRIME AND INTERNET SECURITY

Business Strategy Theatre

Transcription:

"#$%%&'"(&)'* "#$%&'()*+',+%

-&..+*/0+1*'2"#$%&'()*+',+% #,3410,$3*41(,3%&'()*+',+#,0531+67/-&..+*/0+1*' "'+3*(50+1*' For too long, service providers have been getting a free pass on addressing some of the most dangerous threats to the safety of the Internet. For the past few years, botnets and the criminals behind them have been actively reshaping the landscape of cyberspace for the worse. Endpoint security providers, the financial industry, consumers, and enterprises are, to one degree or another, scrambling to react to these new attacks on their businesses and bank accounts. However, aside from involvement in a few high-profile botnet takedowns, most service providers have done little to stop these threats from the dark side of the Internet. While a few service providers are taking some effective measures to stop customers from suffering blows to their finances or privacy, most are not. This, despite the fact that ISPs are, arguably, ideally positioned to address this growing problem. 89,)*+',+893,&+ Let+s briefly recap the current situation. On the technological front, we have seen the decline of the,fire and forget+ type of Internet threat in favor of a new approach - malware that includes a,phone home for further instructions+ capability. Botnets, as they have come to be called, have become invisible armies in the hands of increasingly organized cybercriminals. The exact size of the botnet problem is difficult to determine. Estimates of the number of.zombies/ or.bots/ - systems infected with botnet malware - vary greatly depending on your source. Shadowserver+s estimates of bot-infected PCs over the past 3 years have been as high as 7 million systems, and seldom dropped below 1 million. 1 Some academic research indicates bots could account for as many as 11% of the 650 million computers attached to the Internet, or 71.5 million computers. 2 What are criminals using all these.bots/ for? Predominately: spam, identity theft and other financial crimes. Conservative statistics indicate that between 80% and 95% of spam comes from botnets, and between 80% and 90% of e-mail is spam. Identity theft is also widespread. Amazingly, so many identities are available that a complete individual identity sells for $3 to $15 in wholesale cyber markets. 3 "#$%&'&(') * "#$%&'(')'"*+$

-&..+*/0+1*'2"#$%&'()*+',+% Many experts agree that one of the key factors in the success of the botnets has been the lack of consistent security practices on the part of individuals and small businesses. This lack of security has given the botnets an open playing field from which to launch their attacks. Why should service providers take a more active role in solving this problem? There are a variety of reasons, ranging from the selfless, to the practical, to the selfish. :&;,+9,<*3.(&),++,3$.&0, First of all, ISPs should be looking to keep their customers safe. Some ISPs have begun to,deal+ with the security problem by negotiating with security software providers to give their customers free security software. While this is certainly a good first step, putting the burden on customers to find, install, and maintain security software is unrealistic, and places an unfair burden on the customer. Customers are just that, customers. Their interest is in their lives and businesses. History has shown us end users are not technology experts. If left with the responsibility to protect their PC, many will neglect to do so, making it all the more dangerous for everyone. In addition to keeping customers safe, ISPs have a responsibility not to pass along malicious and worthless Internet traffic to their peers. Not only are botnets the major source of spam, but they also pump a ton of other worthless traffic onto the Internet. In 2008, Arbor Networks did a study that showed that up to 3% of all Internet traffic is composed of packets that are part of distributed denial of service attacks. 4 These DDoS attacks are another product of botnets. "(,&.='>*30,?,'+$*1'+ From a practical standpoint, ISPs are simply in the best position to deal with these types of threats. First of all, endpoint solutions, even if users install them and keep them working, have not proven effective at combating botnets. The efficacy of these solutions can be demonstrated by looking at the rate of botnet infections over the past few years. A particularly telling example is the Zeus botnet, which is well known to collect banking information from infected computers. Although it was first discovered in July of 2007, even as of August of 2010, fewer than 50% of Antivirus clients were correctly detecting and removing this extremely dangerous threat. A much more effective approach to the botnet problem involves breaking the connection between the bots and their Command and Control (C&C) servers at the network level. This prevents infected systems from sending stolen information back to the C&C, keeps systems from sending spam, and effectively stops the infection in its tracks. "#$%&'&(') 0 "#$%&'(')'"*+$

-&..+*/0+1*'2"#$%&'()*+',+% The very best place to do this network-level filtering is the service provider network. The service provider network is similar to the Internetʼs Interstate Highway System or Autobahn all traffic going anywhere on the Internet must pass through the ISP network. This makes them the most logical location to intercept botnet communications. Additionally, ISPs already have all of the technology and resources needed to do this network filtering. At the most basic level, all that is needed are highperformance network routers. The modern infrastructures of nearly all ISPs are more than capable of doing this blocking, with virtually no impact on the overall performance of their network. More advanced blocking of more carefully hidden C&C servers requires looking deeper into the traffic, and making a more complicated decision. This requires advanced traffic shaping or filtering technology. Again, this technology is quickly becoming ubiquitous in ISP networks. #&4,:*',6@A,,B-5%+*?,3% Of course, there are more than a few selfish financial reasons for ISPs to step up to the botnet problem. Firstly, once customer computers become infected with a bot, they can become very slow. When they are active (sending spam, etc.) they also consume quite a bit of the inbound and outbound bandwidth. Bots also have the potential to interfere with other, uninfected systems in the home, or disrupt VOIP or IPTV streaming. This brings up an important motivation - increased customer satisfaction. Providing a safer product will reduce customer problems and increase customer satisfaction. Secondly, proactively addressing security issues offers the opportunity for ISPs to differentiate themselves around a topic that has the potential to resonate with their customers. Providing,cleaner pipes+ provides a benefit to customers beyond price. Even if security plays only a small role in customer buying decisions, it will impact the bottom line. An ISP with 10 million subscribers who can increase their customer base by even 1% stands to increase revenue by as much as $24M per year. ISPs may also want to consider taking a proactive stance in the fight against malware in order to avoid mandates from governments. In many ways, Internet connectivity is being viewed by consumers and governments as a public utility, and, therefore, something to be monitored and regulated. After all, consumers worldwide have the expectation that when they turn on the faucet or flip on the light switch, they will not be poisoned or electrocuted. With Internet becoming "#$%&'&(') 1 "#$%&'(')'"*+$

-&..+*/0+1*'2"#$%&'()*+',+% the medium for traditional services like telephone and TV, the mission-critical nature of home broadband networks is constantly increasing. Many watched the recent debate in Australia over censorship of child pornography with apprehension - not because of the issue at hand, but because of its implications for ISPs. If the technical problems associated with filtering traffic correctly can be overcome, it is easy to see how this type of an effort could be extended to include other forms of traffic with absolutely no accepted value. Malware could certainly fall safely inside this category. By proactively taking meaningful steps to combat the threat, ISPs can legitimately make the case that.the market will take care of itself/ and potentially avoid governmental mandates. This could save ISPs huge amounts of money and allow them to adopt the most effective and economical solutions. Lower tech support costs are another potentially compelling reason for ISPs to become more involved in security. Botnets often give the customer the impression that there is some problem with the network, and triggers a call to tech support. Help desks are an expensive part of any consumer-facing business. Fielding botnet calls is even more difficult, because often times the help desk doesn+t have the time or expertise to help the customer fix the problem beyond suggesting.you have a virus, please try installing antivirus software./ The main argument against ISPs blocking malware has been a technological one - much of the malware traffic on the Internet today resembles legitimate traffic. Internet Relay Chat, web, and secure web (HTTPS) are among the most popular protocols used by the cybercriminal. ISPs make the simple argument that blocking any of this traffic risks interrupting valid consumer communications. In the past, there may have been legitimacy to this argument, but technological advances in malware intelligence have begun to create highly actionable, accurate lists of botnet C&C servers that can be blocked without any collateral damage. -*'0.5%1*' Therefore, the time has come for ISPs to step up to the plate and begin taking an active role in protecting the safety of their customers and the Internet community. They have a moral obligation to do so, because they are in the best position to combat the threat most effectively. Moreover, there are significant financial reasons for them to become involved, both in lowering their costs and increasing customer loyalty. To learn more about the botnet threat, visit http://www.umbradata.com. "#$%&'&(') 2 "#$%&'(')'"*+$

-&..+*/0+1*'2"#$%&'()*+',+% 1 http://www.shadowserver.org/wiki/pmwiki.php/stats/botcount36-months 2 Brent Rowe, et al, The Role of Internet Service Providers in Cyber Security, June 2009, RTI 3 Symantec Intelligence Quarterly January-March 2010, page 4 4 http://news.techworld.com/security/11854/net-traffic-clogged-with-junk-packets/ "#$%&'&(') 3 "#$%&'(')'"*+$

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback