Telecoms and ISPs battle inner-network botnets

Telecommunications and Internet service providers should adhear to the U.S. Anti-Bot Code of Conduct to prevent botnet infections within their networks.

Recently, Google partnered with security experts to create a Digital Attack Map, which outlines past and present distributed denial-of-service attacks utilizing botnet commands. The map is interactive, and includes the source and destination of the selected botnet, the start and end date, as well as the max Mbps.

DDoS attacks have become increasingly popular to carry out a variety of malicious activities. Within such attacks, cybercriminals utilize botnets of hijacked devices and networks to inundate a certain webpage with traffic, which crashes the platform. This attack strategy has been previously utilized to topple gambling sites and are sometimes financially motivated. For example, attackers  will extort site administrators into paying into a protection fund to prevent a botnet targeted attack.

Recently, botnets  have also been utilized to target and crash political websites.

Security experts advised individual users to maintain up-to-date programs and utilize any security patches released for their systems. However, when it comes to telecommunications and Internet service providers, these organizations must follow specific guidelines pertaining to botnet-controlled cyberattacks.

Botnets in service provider networks
The Communications, Security, Reliability and Interoperability Council recently worked with the Federal Communications Commission to create a code of conduct associated with botnet removal from telecommunication and Internet service provider networks. The document revolves around requirements to follow regarding infected computers belonging to the providers' customers.

In order to comply with the code of conduct, ISPs and telecoms must provide education to customers about botnets, and make efforts to detect and repair affected systems. Furthermore, these organizations must collaborate with one another to create a seamless group of code adopters.

CSRIC Working Group chairman Michael O'Reirdan said that it is important to note that while the FCC isn't specifically enforcing the code, organizations are not hesitating to participate. 

"It's important to know that this isn't the FCC going out and mandating that ISPs do this," O'Reirdan said. "We're not recommending different things in different groups, but we're asking various people to play their parts in a coherent way."

Since its initiation, several major telecommunications providers have adopted the standard, including AT&T, Comcast, Cox, Sprint, Time Warner Cable, T-Mobile and Verizon. While O'Reirdan said botnets can never be totally eradicated, providers' efforts in accordance with the code of conduct will make it increasingly difficult for attackers to operate them .

Obstacles to stopping botnets
Another attempt to decrease botnet attacks came in the form of rule BCP38 from the Internet Corporation for Assigned Names and Numbers. The rule mandated that telecoms and ISPs investigate the legitimacy of an IP address before allowing its traffic to freely flow. Fake IP addresses are used in botnet-controlled DDoS attacks to increase traffic on a website and prevent regular operations.

However, there has not been as much voluntary adoption of the rule, which includes information on how service providers could identify and deny access to fabricated IPs. The cost of implementing employee and user education programs as well as making IT infrastructure upgrades may be contributing to low acceptance of BCP38.

"There's an asymmetric cost-benefit here," said ICANN advisory board member Paul Vixie. "The provider that takes the time to secure its networks makes all the investment."

However, telecom and ISPs that do make these investments can boast a strengthened security system and decreased risk to users. As part of their protection against botnet attacks, these organizations should utilize a software layered security approach, which provides several protection measures to block attacks at multiple levels. Such a strategy should include anti-virus software as a means to prevent computers on the network from becoming infected and being used in a botnet attack. Utilizing this kind of approach can help telecoms and ISPs protect their networks from botnet-controlled DDoS infections.

Suzannah Hastings

Suzannah is interested in all things digital, from software security to the latest technological advances. She writes about ways in which the increasingly internet-driven landscape changes our lives, and what we can expect in the future.