Catastrophic botnet to smash social media networks in 2017

Security experts predict that Mirai is far from the end of social media disruption due to botnets.
Written by Charlie Osborne, Contributing Writer

Social media networks and their prolific use will prompt a plague of botnets in 2017, security researchers have warned.

Botnets are networks of compromised devices, such as connected home gadgets, PCs, and mobile devices, which have been infected with malware specifically designed to enslave such products.

The botnet is run by an operator who uses a command and control (C&C) center to send commands to these devices. One such command is to flood a web domain with traffic, in what is known as a distributed denial-of-service (DDoS) attack, which can severely disrupt online services.

These botnets can cost hosting companies a fortune to combat. For example, in September prominent security blog Krebs on Security was the target of a 620Gbps DDoS attack made possible through the Mirai botnet, a network which enslaved millions of vulnerable IoT products.

The hosting provider, which offered to host the domain without a fee, was forced to withdraw its services due to the sheer cost of the ongoing attack.

As we come into 2017, botnets capable of causing such damage are likely to become a bigger challenge to control, according to Mike Raggo, chief research scientist at social media security firm ZeroFOX.

The security expert predicts that in the next year, a "massive" botnet will target and disrupt popular social media platforms, potentially including Twitter, Facebook, and LinkedIn.

Raggo believes that in 2017 there will be a significant uptick in social media botnets which aim not only to disrupt but also to earn money for their operators.

Botnets-for-hire, such as Lizard Squad's LizardStresser tool, are already well established. However, botnet operators are now leveraging social media to increase the strength of these slave-and-command systems, such as in the case of Linux/Moose, which targets Linux-based routers in order to command enslaved devices to commit fraudulent actions -- such as spreading the botnet's malware further -- on social media networks.

"[The] code has also been disseminated to the wild, so I fully expect to see more variants and more frequent attacks in 2017," Raggo says.

As social networks such as Twitter, Instagram, Facebook, and LinkedIn continue to increase in popularity, so do threats against them -- and these range beyond botnets to phishing scams, social engineering, and the spread of malware. According to the executive, Facebook, Instagram, and LinkedIn will also become the top social media targets for hackers in 2017.

In particular, the enterprise should be concerned about LinkedIn.

LinkedIn is a platform for connecting professionals, and ZeroFOX has witnessed a surge in fake accounts which pretend to be recruiters in order to scam people, ranging from those seeking roles in business to those seeking roles in information security.

It is likely that the operators behind these scams, which often update and change their job roles and skills to impersonate different sector recruiters, are performing reconnaissance "with the intent of profiling individuals and their companies," according to Raggo.

Twitter, Facebook, and Instagram can also be used as platforms to share malware which infects vulnerable systems and can transform a PC, whether it belongs to a corporation or an average user, into a slave node in a botnet, and schemes to dupe users into downloading malicious code or clicking a fraudulent link continue to become more sophisticated.

ZeroFOX has uncovered traps for unwitting users on social media platforms which come out of the most unexpected places. Simple, innocuous tweets and general Facebook status updates can act as a springboard for social engineering, and this information, spread in public forums, has become a stealthy attack vector to infect and enslave systems.

As an example, someone posting that "the men's bathroom is out of order and a repairman will be by this afternoon" could be used by social engineers to break the physical security of a target company and infiltrate it if an attacker decided to pose as the repairman.

"With the plethora of information posted constantly to social media -- an adversary can target an organization and understand the who, what, where, when, and how; and use this against the company," Raggo said.

This is not the only danger. Impostors can also use connections forged on social media to establish trusting relationships. When you trust a contact, you are potentially more likely to accept and to click on links sent directly through malicious messages or emails.

Botnets are a problem of scale, and while the average user or company can do little to prevent their creation or growth, every little bit helps. Not only does keeping your devices patched and up-to-date prevent your systems being compromised, but for each device kept secured against vulnerabilities, there is one less out there to disrupt the online services we use daily.
