If you’ve been paying attention to cybersecurity concerns, you might have an inkling as to why the United States Departments of Homeland Security and Commerce kicked off the year by issuing a draft report to President Trump on the importance of increasing resilience to botnets. If you haven’t been paying attention, you’re probably wondering why they even care.
The fact of the matter is that botnets and the DDoS attacks they’re behind have spent the last few years evolving from a threat to websites and businesses to a threat to entire nations. That draft report? Very necessary, and possibly even overdue.
The basics of a botnet
A botnet is a network of so-called zombie computers and other Internet-connected devices. These are devices that have been infected with malware that gives cybercriminals the ability to control them remotely. It used to be that botnets consisted largely of hijacked computers, but with the advent of the Internet of Things (IoT), it’s become far easier to assemble botnets of previously unimaginable sizes. Some IoT botnets now consist of hundreds of thousands, even millions of compromised devices.
Botnets are most commonly used to launch distributed denial of service (DDoS) attacks. A DDoS attack uses a botnet to direct a tremendous amount of malicious traffic from all those hijacked devices at a target website or internet-connected service, in the hope of overwhelming the server or network and taking the target offline, or at least rendering it unusable due to lag.
DDoS attacks have serious consequences, starting with hardware and software damage and escalating all the way to user frustration that can lead to an erosion of loyalty, and even data theft and other intrusions that can accompany these attacks. For bigger organizations, DDoS attacks can cost anywhere from $20,000 to $100,000 per hour.
Thanks to IoT botnets, distributed denial of service attacks are now bigger than ever, and when aimed at the right target, are capable of taking huge swaths of websites and services offline. The Mirai botnet attack on the Dyn DNS server was bad enough on its own, rendering Twitter, Netflix, Spotify, and other major services temporarily useless, but it’s even worse when taken as an indication of things to come.
At the beginning of 2017, a dire warning was issued that a DDoS attack could very possibly cause an internet-wide outage lasting at least 24 hours. That obviously did not come to pass, but it remains a threat until the moment it happens and becomes a reality. The chaos that would be caused by such an attack is hard to fathom. What it would do to financial markets alone would be devastating. An internet outage isn’t the only reason the United States government and other governments around the world need to start taking the botnet threat more seriously, however.
State-sponsored attacks have turned DDoS into a form of cyberwarfare, taking aim at critical infrastructure in enemy countries as well as health, financial and media services. This notably includes attacks on power grids in Ukraine as well as Latvia, Lithuania, and Estonia. It’s essential this point isn’t glossed over: distributed denial of service attacks have the ability to disrupt power grids, potentially cutting off electricity to significant portions of a country. On the East Coast during a particularly brutal stretch of winter weather, for example, this could be deadly.
DDoS attacks have also been used to disrupt elections and other important votes, with both main candidates in the 2016 US election suffering DDoS attacks on their websites, and the Brexit voter registration website allegedly brought down prior to the referendum.
Creating a more secure internet
The next step after the draft report will be a two-day workshop at the end of February to discuss a way forward in this DDoS assault landscape. Following that, a final report will be issued to President Trump on May 11. How this administration proceeds will be up to the President and his advisors. Considering the seriousness of the botnet threat as well as the nation states known to dabble in cyberwarfare DDoS attacks (Russia, North Korea, and China, to name a few), it won’t come as a surprise if the United States begins building a cyber wall, of sorts, to protect federal networks and critical infrastructure.