Advanced anti-tracking botnet: an evolving trend of DDoS Attack

A cyber threat report says cloud computing has become an evolving platform for botnet-based attacks. By using a Domain Generation Algorithm, attackers are able to render themselves undetectable by security devices.
New Territories, Hong Kong (prHWY.com) February 20, 2013 - The newly published Georgia Tech Emerging Cyber Threats Report for 2013, prepared by Georgia Tech Information Security Center and Georgia Tech Research Institute, has highlighted cloud-based botnets as an evolving trend of DDoS attack in 2013. With the use of Domain Generation Algorithms, attackers are able to operate undetected by command-and-control (C&C) servers in the cloud.

"The main purpose of DGA is to make botnet server tracking more difficult by using random domain names for rendezvous points, as these names are randomly generated or even don't exist. When launching an attack, attackers register a new domain as per DGA rules, allowing the botnet to connect with it and starting remote commands from C&C servers," said Frank Tse, Security Researcher at Nexusguard.

"The commands can be effectively designated at specific dates and times. When security firms try to trace the attack, the attackers would have already terminated the connection of botnet and C&C server. Even if the security firms manage to effectively trace the domain, the domain itself is random or even doesn't exist," Frank added. "This enhances the difficulties of engaging in filtering, as doing so may impact legitimate customers with domains on the 'randomly generated' list."

"End users should thus attempt to monitor their own traffic and terminate all malicious traffic to C&C servers. They can also request the legal authorities to stop running suspicious C&C servers," Frank said.

Donny Chong, the Head of Marketing and Channel at Nexusguard, said that China remains the single largest source of botnets. "This is largely due to its weak Internet security policy and the abundance of Trojan-infected freeware floating around the Internet. It doesn't help that botnets are freely traded and sold in forums and discussion boards, under the pretense of stress testing services."

"This scenario proves to be a problem for businesses trying to capitalize on the growing consumer market in China, with businesses forced to deal with hundreds of thousands of seemingly legit users attacking their system at any one time."

"Other sources of attacks include datacenter attacks originating from Korea, whereby datacenter infrastructure and controls are paradoxically abundant and lacking at the same time, as in the cases of Russia, Japan, The United States of America, and various South American States," shared Donny.

Due to their uniqueness and the difficulty of combating them, botnets will continue to be a choice weapon in the arsenal of attackers. Trojan developers and insertion specialists have a high motivation to capture and increase their hold on botnets as a commodity; this trend will continue to grow in countries where Internet security policies are still developing. As a premium provider of cutting-edge web solutions, Nexusguard understands the evolving threat of botnets, and is always ready to combat botnet-based DDoS attacks. For more details please visit http://www.nexusguard.com/.

###

Tag Words: ddos attack
Categories: Security
