With nearly all DDoS attacks and spam coming from bots, infections have become a growing concern for businesses as well.
To understand the threat that compromised computers known as "bots" pose to not only to individual companies but the Web as a whole, one has to look no further than the onslaught of crippling distributed denial-of-service, or DDoS, attacks Eastern Europe's Estonia has endured since the beginning of the month.
A number of the country's Web sites, including the one for its Ministry of Finance, have in the past two weeks been the victim of 128 different DDoS attacks, according to a security research site.
The attacks began in early May in protest to the Estonian government's removal of a Soviet-era memorial from the center of the country's capital, Tallinn. The country has been at odds with Russia since regaining its freedom from the former Soviet Union in 1991. Now Estonia has become the victim of a high-tech brand of vengeance, as botnets flood the country's networks with an overabundance of traffic in an effort to disrupt business and government functions.
The longest attacks themselves have been more than 10-and-a-half hours long sustained, "dealing a truly crushing blow to the endpoints," Arbor Networks senior security engineer Jose Nazario wrote Thursday in a blog entry. The Arbor Threat Level Analysis System, or Atlas, has been tracking Estonia's botnet troubles. "When you think about how many attacks have occurred for some of the targets, this translates into a very long-lived attack," he wrote.
Of the attacks Arbor has measured, 10 were at 90 Mbps and lasted more than 10 hours. "All in all, someone is very, very deliberate in putting the hurt on Estonia, and this kind of thing is only going to get more severe in the coming years," Nazario wrote.
Increasingly, botnets are responsible for 99.9% of all DDoS attacks, which pose a threat even to the largest carrier networks, says Arbor Networks chief research officer Danny McPherson. "Every time I see an attack on the Internet, I think about what's motivating the attack, whether it's religious, political, monetary, or something else," he told InformationWeek. More interesting than the size and frequency of the Estonia attacks is the context of the attacks, which is primarily political. Adds McPherson, "We see this as an act of war on the state."
The word "bot" generally refers to a compromised computer infected with malware that allows the compromised computer to be remotely controlled. Along these lines, a "botnet" is a collection of bots under the same controlling entity. This entity can communicate with different bots individually; it doesn't have to necessarily send them all the same commands. Botnet attacks aren't limited to Eastern Bloc turf wars; they've also penetrated the likes of the U.S. Department of Defense, Argonne National Laboratory, and the Alabama Supercomputer Network, InformationWeek reported last October.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.