Botnets now target enterprise apps

Instead of being used as spam during DDoS attacks, botnets are now used to bring down enterprise apps, leaving the more connected countries more vulnerable, according to Barracuda Networks.

Botnets now target enterprise apps.

Botnets have evolved from being used for spam, to targeting enterprise applications, another threat vector to penetrate the organization. Connected nations too, are more vulnerable with the greater usage of applications for business transactions.  

According to Jan Poczobutt, vice president of sales at Barracuda Networks, botnets traditionally only picked on a few computers, are initiated through a command-and-control (C&C) server and were used for spamming during distributed denial of service (DDoS) attacks.

Enterprises could simply filter botnets by adding them to the spam list but today, attackers have changed the way they use botnets, Poczobutt noted, speaking to ZDNet Asia in a phone interview on Friday.

Botnets are now being used to conduct application-based DDoS attacks, whereby attackers send out targeted commands to applications to tax the CPU and memory, making the application unavailable, Poczobutt observed.

A Gartner study released in January too pointed out, 25 Percent of DDoS attacks in 2013 will be application-based, he added.

For example, in January this year, Microsoft and the FBI banded to take down "Citadel" , a botnet which takes control of computers and steals personal information from them through the use of key loggers, Poczobutt added. 

This is simply attackers trying to find different threat vectors to penetrate the organization, Poczobutt noted, explaining there were various entry points into the network of an organization. They include the e-mail systems, employees going onto the Internet and getting infected, and Web applications. 

This affects enterprises since the Web applications are often used for business purposes such as customer portals, he noted. For example, botnets are able to go into the applications and through a series of apps looking like user request, they can bring down entire applications, he explained. 

"If it is a company's customer service application, a botnet attack bringing it down will render the app useless for customer usage," Poczobutt added. 

Connected nations more vulnerable

Even though botnets are a worldwide phenomenon, countries and locations with a higher Internet connectivity tend to be more vulnerable, Poczobutt noted. 

He explained there was a correlation between applications used for business transactions in more connected locations, which leads to them having a higher chance of being infected.  

Singapore for example, was one of the countries with the highest number of infected computers by Citadel, because it was one of the most connected nations worldwide , Poczobutt pointed out. 

Cover all botnet penetration points

Moving forward, IT managers should not just respond to the latest botnet attacks but make sure there is a way to tackle attacks used commonly such as SQL injections which steal data from Web-based applications, he noted. 

"I think of a botnet as an infrastructure, I can make it perform different attacks and there are different limits to the kinds of specific botnet attacks that can be launched," Poczobutt noted, adding the constant evolution of botnets is "like a cat and mouse game".

IT managers should not only guard against older forms of attacks but newer forms, as the variety of attack methods continue to expand, he added.