Friday, September 25, 2009

Enterprise bot-nets

Up to nine percent of machines in some enterprises are part of a bot net according to this article at Dark Reading. It seems many of these enterprise bot nets are highly targeted and used multiple attack vectors to evade detection and establish the network. Further, these are not the wide-spread "consumer oriented" bot nets that attack the typical home user system.

The article also states that the bot nets demonstrate a level of insider knowledge of the targeted organization that implies someone on the inside is helping with the deployment and exploitation. "They are very strongly associated with a lot of insider knowledge...and we see a lot of hands-on command and control with these small bot nets," says Gunter Ollmann, vice president of research for Damballa.

Cheers,
Dave
Posted by at

4 comments:

  1. dtdenverSeptember 27, 2009 at 6:53 PM

    I read this article http://www.ddj.com/security/218500947;jsessionid=TXAULXZXH4BGHQE1GHPSKH4ATMY32JVN about Intel, and their systematic approach to analyzing their enterprise machines. They found traces of 3 botnets. This is a smarter way to infiltrate enterprises. This threat again emphasizes the need for internal security.

    ReplyDelete
  2. davidfalls.CNG275September 27, 2009 at 10:18 PM

    With the considerable amount of money to be made, it makes me curious as to how much of this activity is controlled by those 'organized' fellows from russia, china, or new york. It would make more sense to target enterprises than home users. The data is more than likely worth a lot more, and they could enslave hundreds of machines rather than 1 at a time.

    ReplyDelete
  3. EntSecStudent1122September 28, 2009 at 5:28 PM

    botnets coming from someone on the inside? Clever i wonder what the person in the inside is doing to circumvent the security in place if there is any.....

    ReplyDelete
  4. dtdenverSeptember 29, 2009 at 5:13 PM

    I think that competitors would lease bot-nets and arrange the inside job. Russia, China, etc just have their own business going with the botnet lease, rent, sell. There are many layers to this.

    ReplyDelete

Subscribe to: Post Comments (Atom)

Followers

About Me

My photo
B.Sc. ('78) and M.Sc. ('80) in Math from Ohio State followed by 12 yrs at TRW and a variety of software development positions since then. Currently living in Colorado and enjoying "trial retirement". For fun I climb mountains in the summer and ski down them in the winter, fix gourmet food and have an excellent wine cellar.