14 Ways to Evade Botnet

Malware Attacks On Your Computers

December 18, 2019Wang Wei

Cybercriminals are busy innovators, adapting their weapons and attack strategies, and ruthlessly
roaming the web in search of their next big score.

Every manner of sensitive information, such as confidential employee records, customers'

financial data, protected medical documents, and government files, are all subject to their
relentless threats to cybersecurity.

Solutions span a broad spectrum, from training email users to ensuring a VPN kill switch is in
place, to adding extensive advanced layers of network protection.

To successfully guard against severe threats from hackers, worm viruses to malware, such as
botnet attacks, network managers need to use all tools and methods that fit well into a
comprehensive cyber defense strategy.

Of all the menaces mentioned above to a website owner's peace of mind, botnets arguably
present the most unsettling form of security risk. They're not the mere achievements of malicious
amateur cybercriminals.

They're state-of-the-dark-art cyber-crafts. What's most rattling about them, perhaps, is their
stealth, their ability to lurk around seeking vulnerabilities to exploit invisibly.

How Do Botnets Work?

Proliferating botnets is not one of the more straightforward strategic hacking weapons. Botnets
are subtle data-extracting malware. They infiltrate networks, unauthorisedly access computers,
and allow malware to continue operating without disruption for users, while they steal data and
funnel it outside the victim network and into awaiting "botmasters," evading detection
throughout the process.

What Can You Do to Stop Botnets?

The front line of cyber defense has got to be manned by people — real people working at their
computers, doing their everyday tasks in the office.

The best defense against ever-evolving threats is to educate the users who are the perpetrators'
prime targets. These particular front lines span the spectrum of web interactions, from email to
social media.

It's recommended to implement a strategy that incorporates as many of the following approaches,
from some basics to more sophisticated solutions, as practicable for your organization:

1. Be Sure Your VPN Has a Kill Switch in Place

A virtual private network (VPN) allows users to access confidential information by connecting to
the VPN via the public network. Your VPN provider should have a VPN kill switch in place to
keep sensitive data, such as your IP address, from inadvertently being transmitted through an
unsecured connection.

2. Develop a Robust System to Capture and Block Fraudulent Emails

A business email compromise is such a common attack strategy that it has its own acronym, and
the numbers of BEC scam incidents are continuously rising. This kind of attack is tough to
defend against.

· Solutions to BEC detection and elimination require effective classification and policies
 for blocking suspicious email senders, content, and attachments.

· Install defensive gateway web tools such as WebSense, McAfee, to help block receipt of
email from undesired sources and block requests from being sent out to addresses that are
reputed to be possible sources of malware.

3. Build a Culture of Diligent Defense Against BEC

Social manipulation is reportedly among the most common methods criminals use to wage
attacks on email accounts.

They've long figured out that clicking on email attachments is a reflex for many busy users. So,
shore up the security of your system by:

· Expecting users to open email attachments, even if your organization has an official
policy, buried in a handbook somewhere—maybe about thinking before clicking and
more prominently promote the policy.

· Provide training and frequent updates to employees on their options for helping network
security, for example, using strong passwords.

· Teach users how to obtain help and to use real-time solutions to isolate and avoid the
kinds of attacks that exploit network users.

· Teach users to be diligent in reporting suspicious emails. Include examples of email

attacks and simulations in your training, to help people learn to identify attacks, and
 provide extra support for users whose accounts appear to be the most vulnerable.

4. Switch to Manual Software Installation

It could be unpopular advice, but some organizations should disable the automatic installation of
software via the AutoRun feature based on their threat landscape.

Disallowing AutoRun from automatically installing software can help prevent a computer's
operating systems from indiscriminately launching unwanted commands from unknown external
sources.

5. Enable the Windows Firewall

Installing the Windows firewall is fundamental for baseline protection against incoming security
threats. Users may want to disable the Windows firewall to prevent it from blocking network
connections they want to make.

If your networked computers have alternative adequate firewall protection, then it may be
preferable or even necessary to disable the Windows firewall.

The critical point here is to have appropriately configured firewall protection in place.

6. Compartmentalize Within the Network

Consider network compartmentalization. In today's work environments, many, perhaps most,

computer stations have to communicate with one other between departments, often many times
daily.

However, limiting or eliminating that ability for machines that don't need that kind of broad
access can go far in helping stop botnets from spreading throughout your network.

· To the extent possible:

· Minimize your network's risk by forming virtual local area networks (VLANs).

· Use your access control list (ACL) filters to restrict access to objects and limit threat
exposure.

7. Use Data Filtering

Botnet malware usually works by establishing interactions with at least one remote command-
and-control server, which hackers also use to extract sensitive information illegally.

To block the malicious interactions and thwart the criminal activity, use data filtering on
information exiting your network.

Some viable approaches include:

· An egress content filtering tool can be applied, forcing the flow of your organization's
web traffic through the filter and prevent information from exiting your organization's
network.

· A data loss prevention (DLP) solution can also be used to monitor unauthorized accesses
and breaches, stopping them from leaking information.

8. Break Domain Trust Relationships

Eliminate password trusts to regain tighter control over your local accounts. Cautiously
controlling your local administrator account is essential to cutting off threats and eradicating
them.

Inactivating the automatic ability of computers to interconnect shuts off the route used by botnets
to circulate through an internal network.

In networks, where some or many computers contain highly sensitive data, this can provide a
secure alternative to defend against botnet attacks.

9. Employ Additional Layers of Prevention

Put additional layers of protection to help prevent botnets from ensconcing themselves in your
system, focus on shoring up the network, for example, at specific points of contact that are
especially vulnerable, such as routes from certain hardware or software components.

A couple of things to keep in mind:

· Host-based intrusion detection systems are exceptionally efficient, but they're also
expensive, and typically difficult to deploy successfully.

· These tools cannot correct gaps or other existing technical deficiencies in an operating
system.

10. Enhance and Increase Network Monitoring

Closely monitoring the network, information on how connected users are operating within an
organization, arms network defense solutions significantly.

Having a deeper understanding of how everything and everyone is ordinarily interacting makes it
much easier to detect unusual activity quickly when a botnet or other malware intrusion has
begun.

· Ideally, 24-hour monitoring of network activity should be the policy, employing data
collection tools that detect anomalous behavior and block attempts to infiltrate the
system.

· Consider pricing remote cybersecurity services, to provide the extent and quality of
network monitoring equipment and expertise that may be more than in-house IT facilities
and/or staff alone can provide around the clock.

11. Control Network Accesses with Proxy Servers

Creating a supporting exit point through which Internet access can be monitored creates
reinforcement for monitoring efforts. Routing outbound information through a proxy server can
head off cybercriminals' attempts to circumvent your network security.

Filtering content through a proxy server is a practical option for most networks, although, of
course, it may not be realistic to stop every bit of potentially problematic outbound information.

12. Apply the Least Privilege Principles

Generally speaking, access rights should be based on the needs of the users' functions. Having an
administrator that is not the same person as the user of a particular workstation makes it much
more difficult for malware to be spread by downloading.

It also makes it harder to use AutoRun tactics to exploit a system. It further makes it more
challenging for perpetrators to spread malware from one infiltrated computer workstation to
others by employing a user's network account credentials.

13. Monitor Responses to Domain Name System Queries

Maintain monitoring of workstations' queries to DNS servers is an excellent approach to

identifying symptoms of botnet infiltration. For example, monitor for low time-to-live (TTL).

Unusually low TTL values can be an indicator of botnet penetration. By carefully monitoring for
low TTL, your systems administrator can take action to counter the attack and eliminate botnets
before the infestation spreads.

14. Stay Informed of Emergent Threats

Keep yourself and your IT team apprised of new local, national, and global cyber threats that
begin sweeping across regions. For example, reportedly, the incidences of cybercriminals using
URLs in emails to infiltrate internal networks were much higher than perpetrators' use of
attachments.

More generally, a staggering percentage of the successful thefts of information from internal
networks over the past year has been through the use of botnets.

Staying up to date with news on new and evolving cyber-threats is the first order of activity
network management professionals must consistently maintain, to be effective in protecting an
organization's system.

Going Forward More Securely

To protect the people who've trusted you with their sensitive personal information, protect your
organization from liability, and protect your brand's reputation, you need to defend on all fronts.

Use the above and other strategies, methods, and tools for ensuring that you maintain an effective
defense against cyber-attacks waged through email, mobile access points, social platforms, and
any other media.

As mentioned, botnets now account for a vast percentage of cybercrime. Using the approaches
discussed above can go far in helping construct a fortified cybersecurity framework that can be
scaled for any network budget and size.