Botnet attacks are not only growing in popularity among hackers, but they are also delivering a new level of sophistication and danger to businesses and consumers worldwide. In this week’s Hacker Tracker, PYMNTS caught up with security experts at digital security products provider Avast Software to gain insight into the rise of Crimeware-as-a-Service and why the industry should be taking notice of the growing threat of malicious botnets, like Avalanche and Mirai.
Filip Chytrý, threat intelligence researcher at Avast Software, defines Crimeware-as-a-Service as an automation of malicious cyberattacks — rather than hackers compromising vulnerable systems themselves, they can instead pay for already established botnets and other online interfaces to seek out and exploit vulnerabilities.
“Crimeware-as-a-Service is vastly expanding the range of where threats can come from — attackers don’t have to be skilled hackers to launch an attack when they can find hacking services on the Dark Web for minimal cost,” Chytrý explained.
The threat of botnets has evolved in both in scale and computing power in recent years.
Ten years ago, Chytrý said, cyberattacks mainly hit PCs and could be contained with antivirus software.
But today, botnets don’t have any boundaries.
“Every printer, home router and anything connected to the internet can be used by the botnet. The recent trend is basically a shift from the PC platform into the uncharted territories of IoT devices, which are more vulnerable,” Chytrý added.
With any connected device being fair game, it’s no wonder that the recently dismantled Avalanche botnet was able to infect more than a half-a-million devices and was used by cybercriminals around the world to spread malware. Avalanche’s infrastructure facilitated DDoS attacks, the spreading of phishing emails and the stealing of sensitive data, Jakub Kroustek, malware analyst and researcher at Avast Software, noted.
“The arrests of the cybercriminals involved and the destruction of Avalanche’s infrastructure and command and control servers is a great defeat. However, it is likely other smaller groups will appear sooner or later to take their place as this is such a lucrative business,” Kroustek continued.
“And since Avalanche was a platform used to spread malware, we can expect to see cybercriminals migrating to another system to continue to spread their malicious programs.”
Just last week, the U.S. Department of Justice, the U.S. Attorney’s Office and the FBI issued a joint statement that detailed their ongoing joint efforts with other U.S. and international organizations to take down Avalanche’s worldwide network of criminal computer servers.
Avalanche servers reportedly hosted over two dozen of the most malicious types of malware. Hundreds of thousands of computers worldwide are estimated to be affected. The criminal servers also hosted a number of money laundering campaigns. Over 50 Avalanche servers have been taken offline thus far.
The combined monetary losses affiliated with Avalanche malware attacks were estimated by the organizations to be valued in the range of hundreds of millions of dollars, although exact calculations are reportedly still hard to come by due to the variety of malware families present.
Though progress has surely been made in addressing this growing type of cybercrime, Chytrý said that there’s no way that just taking down Avalanche will be enough.
“Those are just baby steps in a big fight which is just starting to form,” Chytrý explained.
“This one instance may have been shut down, but think of the problem this way: The internet is a worldwide system, and to find some worldwide ‘internet police’ to start cleaning up today is simply impossible due to a variety of political reasons. Avalanche was just a small piece of the whole puzzle. Somebody will just go and use similar code on other devices.”
If one thing is clear, it’s that the burden of fighting back against the Crimeware-as-a-Service threat and botnet attacks will involve effort from all stakeholders — device manufacturers, authorities, consumers and businesses.
Chytrý explained that manufacturers of connected devices need to make security a priority for their devices rather than an afterthought, whether regulations are in place or not. Consumers must also set up all of their devices with strong, unique passwords and ensure that they have the latest firmware available in order to prevent infection.
“The fall of one bad actor is barely a dent in the greater cybercrime landscape as a whole — the information is on the web, and there will be more botnet attacks in the future. This is something we expect to grow significantly going forward, and every connected device could potentially be a target. Consumers and businesses need to remain vigilant about their security,” Chytrý said.