Cyber storms or cyber warfare are not unusual events. Examples include the Aurora attacks orchestrated from China and mainly directed against Google in 2009/10, and the latest cyber attack on the European Union (EU), which was allegedly sparked by the UN intervention in the Libyan civil war. These storms, however, have a ripple effect throughout the Internet as vulnerabilities on user computers, cell phones and websites are exploited. One of the objectives of cyber criminals during these storms is to increase their army of zombies to achieve their ultimate goal. A zombie is a computer that is controlled remotely without the owner knowing it, normally after being infected with a computer virus. While many zombies are actively used by spam gangs in their botnets, a few may be left untouched or unused until they are needed in a Distributed Denial of Service (DDOS) attack.

Undesired Activity - Random Attempt at Accessing Forbidden Areas of a Website

SAN Visitor Increase - March 2011
Although businesses and individuals outside the target area of a DDOS attack are not the actual targets, some may suffer the consequences if they are not adequately protected against these events. Most Internet users are not even aware of these cyber storms, and can easily be caught in the crossfire by falling victim to scams, spam, malware and other nasty events. It is therefore advisable not to be ignorant of Internet dangers and to ensure that you have adequate protection against them. We recently noticed bad events from otherwise well-behaved networks, which may indicate that cyber criminals are either exploiting previously planted backdoors or using software exploits to increase their efforts against a targeted enemy. Of course, it can also indicate counter attacks or defensive strategies by the opposing party.
MOST ACTIVE BAD BOTS AT THIS DOMAIN DURING MARCH 2011
| Country | Number of Visits |
|---|---|
| LU – Lithuania | 5940 |
| NL – The Netherlands | 2406 |
| RU – Russian Union | 356 |
| US – United States | 355 |
| CN – China | 209 |

Scam Alert Network - Bad Bot Activity Blocks - March 2011
RECENT OBSERVATIONS
We recently noticed a sharp increase in website traffic while bad bot activities increased from around 14 percent to over 45 percent of the total visitors. Inevitably it raises a few questions:
- Where do these visitors come from; what are they doing and what are their intentions?
- Are we the target of an attack or are we merely catching the ripples of a cyber storm elsewhere?
- Do we have adequate protection and what should be done if we should come under attack?
- Are we clear of backdoors, malicious scripts, etc?
- … and a few other questions.

Scam Alert Network Approved Visitors - March 2011

Scam Alert Network Declined Visitors - March 2011
COUNTER MEASURES
Any government, business owner or individual with online Internet facilities can become a target of an opposing entity. Most anti-spam and anti-crime organizations have experienced attacks in the past and will continue to experience attacks in the future. Obviously Internet facility owners don’t disclose their strategies and technologies to counter attacks by cyber criminals, but here are a few very basic tips for website and LAN owners who would like to protect their Internet connected facilities.
- Protect your network at the perimeter or gateway, not only from outside entry by unwanted elements, but also against outgoing traffic with sensitive data or harmful content. This is known as the network firewall and it should only pass traffic via a limited set of ports. A network firewall should also drop traffic that is to or from known threats or that exhibits certain behaviour. If it is remotely managed, it should preferably use a legacy operating system and protocols. Fortinet, Juniper, McAfee, SonicWall, Check Point, WatchGuard and Cisco gateways are just a few examples (See illustrations below).
- Protect your inside network against rogue activities at the network core.
- Protect each device with its own firewall and anti-virus application. Threats often come from your own employees: some are unknowingly infected with malware, but occasionally there may be criminals within your own organization.
- Use encrypted protocols and tunnelling to remote facilities, especially if sensitive information is transferred. Communication with banking facilities is probably the most obvious case, but also consider it for remote offices and public hosting facilities.
- Equip public web and mail hosting facilities with an appropriate firewall and anti-virus, and backup or mirror at separate facilities.
- Avoid providing online call centers or customer support services from your main public hosting facilities. You won’t be able to communicate with your personnel and customers if under attack or if a hardware failure should occur.
- A single public server is vulnerable to DDOS and flooding despite caching information, dropping or forwarding incoming traffic. Consider cloud hosting with distributed processing if necessary.
- Refrain from active counter measures or attacks despite the temptation, as they will tarnish your reputation with other reputable Internet Service Providers. Rather resort to passive measures by dropping traffic from Internet crime spots and traffic with harmful content.
- Set traps at sensitive areas to warn administrators of potential threats, and present a honeypot to regular spambots to distract them from your actual content while gathering information about them and their activities. Often an “Error 403 – Forbidden” is the first indication that someone is trying something.
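
The last tip can be turned into a simple log check. The Python sketch below is an added example, not part of the original article or of any product named in it: it reads web server access log lines, flags clients that were refused (403) on several different forbidden paths, and reports what share of all requests those clients account for. The log lines are constructed samples, and the threshold of three distinct paths is an assumption to tune for your own site.

```python
import re
from collections import defaultdict

# Common Log Format prefix: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines using documentation-range IPs; not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [14/Mar/2011:10:00:01 +0000] "GET / HTTP/1.1" 200 5120
192.0.2.10 - - [14/Mar/2011:10:00:09 +0000] "GET /about HTTP/1.1" 200 2048
198.51.100.7 - - [14/Mar/2011:10:01:00 +0000] "GET /admin/ HTTP/1.1" 403 199
198.51.100.7 - - [14/Mar/2011:10:01:01 +0000] "GET /backup/ HTTP/1.1" 403 199
198.51.100.7 - - [14/Mar/2011:10:01:02 +0000] "GET /private/ HTTP/1.1" 403 199
198.51.100.7 - - [14/Mar/2011:10:01:03 +0000] "GET /admin/ HTTP/1.1" 403 199
203.0.113.5 - - [14/Mar/2011:10:02:00 +0000] "GET /private/ HTTP/1.1" 403 199
203.0.113.5 - - [14/Mar/2011:10:02:05 +0000] "GET / HTTP/1.1" 200 5120
truncated line that does not parse
"""

def parse(log_text):
    """Yield (ip, path, status) for each line that matches the log format."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:  # unparseable lines are skipped rather than guessed at
            yield m.group("ip"), m.group("path"), m.group("status")

def forbidden_probers(log_text, min_paths=3):
    """Clients refused (403) on at least min_paths distinct paths (assumed threshold)."""
    denied = defaultdict(set)
    for ip, path, status in parse(log_text):
        if status == "403":
            denied[ip].add(path)
    return {ip: sorted(p) for ip, p in denied.items() if len(p) >= min_paths}

def flagged_share(log_text, flagged):
    """Fraction of all parsed requests that came from flagged clients."""
    requests = [ip for ip, _, _ in parse(log_text)]
    return sum(ip in flagged for ip in requests) / len(requests) if requests else 0.0

if __name__ == "__main__":
    probers = forbidden_probers(SAMPLE_LOG)
    for ip, paths in probers.items():
        print(f"ALERT {ip} refused on {len(paths)} paths: {', '.join(paths)}")
    print(f"share of traffic from flagged clients: {flagged_share(SAMPLE_LOG, probers):.0%}")
```

A visitor who hits a single forbidden link stays below the threshold, so only clients that walk through several restricted areas raise an alert.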

The scalable Fortinet Gateway Security Approach for Home Offices to Large Campus Sites

Protecting your Network at the Perimeter and at the Core
FINAL REMARKS
Many undesired Internet activities, including Email Spam, Spam Comments, Malicious Script Injections, Theft of Data, and others, originate from botnet activities. Unfortunately most solutions on offer try to address the observable symptom and not the real issue, namely Internet Security.
To avoid spam, guard your personal details and don’t offer them to unprotected websites where they can be harvested. To avoid scams and virus infections, check the credentials of the company and website before offering your details and credit card. Stay clear of Internet crime spots and online facilities that offer goods or services that are not family friendly.
Internet danger zones are mostly well documented and can be avoided by installing a multilayer security gateway solution at your home, office and website to complement your anti-virus software. Scalable hi-tech solutions are available at very affordable prices, even for private homes. The management consoles of some security solutions are easy to understand and can probably be managed by the average non-technical person. You don’t have to be an engineer to drive a vehicle; just ensure that the “vehicle” you use for your Internet Security complies with the basic criteria and is sourced from a trustworthy supplier.