CPS 2022: How Companies Can Deal With Botnets

There are many threats to companies, their operations and their customers, and botnets are one of the major threats they face that continue to evolve and survive.

“The only thing growing faster than the number of IP connected devices today is the number of threats against those IP devices,” Don Jones, director of Strategic Fraud Intelligence at Comcast, said at the Content Delivery & Security Association (CDSA) Content Protection Summit (CPS) Dec. 6, during the session “Dealing with BotNets.”

During the session, Smith shared work that’s been done to better understand and deal with bad botnets in ways that companies could and should leverage.

So exactly what is a botnet? It “specifically is a small program that’s meant to go out and do a specific function,” Jones said in response to his own question. “A network of them is a lot of them but there are good botnets as well as bad botnets,” he said. “Without bots, we would not ever find new content on the internet. The internet would be unfunctional. We would never know when somebody actually comes up with that ‘keep me 29 forever pill’ if we would never be able to discover it.”

But he pointed out his presentation would be focused on the “bad botnets and their implications and how to recognize some of the artifacts that usually come along with this type of malicious traffic.”

There are, he explained, “four primary paths to getting infected” by botnets, and “you’re familiar with almost all of them; you get berated by them every single day.”

The first one is phishing, he said, noting that such attempts are “usually from a source that seems familiar [but] may not be familiar, or it may be a misspelling of something that is familiar.”

One of the key elements “that you’ll see” as part of a scam is “there’s always a time element to it; so, from a social engineering perspective, one of the most powerful tools is the fear of missing out or the time aspect. So you push your victim into making a decision immediately. You don’t want them to think about it. You don’t want them to consult anybody else.”

“The same thing happens within a phishing [scam],” he said, adding: “You’re the only exclusive person getting this offer, or you’ve been nominated by a team of your peers to be the “Who’s Who of Whosville.” And, again, they’re really hoping that you’re going to reply to that email.”

Then there are malicious links and attachments. “Now, most of you are familiar already with malicious PDFs or spreadsheets,” he said, noting: “You don’t want to open a spreadsheet from somebody you don’t really trust. But what most people don’t know is that a PNG – a picture file – can actually contain 10 different commands to execute on your computer as well.”

A scammer will also “often claim that you’re already infected and the only way to save your computer is to go ahead and buy into this link” that’s been sent to you, he said. You may be told to “click this link, or call this phone number” in order to correct the situation that they detected.

Last year, there was a security company called Proofpoint that he said “discovered one of the most elaborate phishing campaigns that they had ever seen.” Those “particular bad actors were targeting consumers of pirated video content,” who would receive an email with a link to a site called Bravo Movies.

And then they told the victims: “Thank you so much for signing up for your free trial. Now your credit card is going to be charged $39.99 a month unless you opt out and cancel your subscription. And the only way you can do that is either click on this link to Bravo Movies or give us a call.”

“Most paranoid people, especially video pirates, decided, ‘look, I’m going to call the phone number to see what they tell me.’ Well, they have an actual call center set up that directed the caller back to Bravo Movies, and you need to hit this button that says, ‘I want to cancel my subscription before we charge your credit card.’ That button actually downloaded an Excel spreadsheet that had a loader called Baza Loader [that] distributed ransomware,” he recalled.

Therefore, he said.  “In the end, it didn’t matter whether you went to the website or called the call center. They had every base covered. So this was a very, very elaborate campaign. Now, the interesting thing is when you actually went to the [website]. You’d see poster art for movies that never existed and titles that never existed.” For example: A Dog named Woof was “actually a title of one of their movies, he said, so it really was a kind of a haphazard way of setting [up] a website, but having both a call center and a website present to support a phishing campaign wasn’t seen until last year.

Text messaging, meanwhile, presents a lot of risk because it “has a lot less filtering than email,” which he noted has “been around for a long time [and] been abused over and over again so email providers are getting better and better at applying filters.”

However, “text messages, not so much,” he said, noting there are technology solutions that help identify spam or robocalls but, “with text messaging, most of that doesn’t necessarily apply, especially contextual based filtering.”

All too many consumers also don’t install antivirus software on their mobile phones although they do on their computers and enter credit card info into both devices, he noted. “That is one of the things that these scammers bank on.”

“I would beg you, if you wouldn’t do that with a computer, you shouldn’t do that with a phone,” he added.

Among the other risks are malicious advertising that usually appears in the form of “pop-ups and pop-unders,” he said.

When it comes to online content, meanwhile, that if you watch something on Hulu, “you can be rest assured you’re going to have a pleasant viewing experience [and] you’re going to be able to watch the movie you want and you’re not going to be attacked,” he said. But, if “you go to Movies 1, 2, 3, you’re really rolling the dice and you have no idea what’s coming your way,” he said.

“Games and applications also have the same vulnerabilities as a browser,” he told viewers.

He also urged attendees not to fall for scams in which they’re offered extensions of subscription trials for no fee or told to “disable your antivirus to avoid any false positives: I assure you they’re absolutely not false positives.”

Battling botnets is exactly the kind of “common problem/common solutions” that the focuses on facilitating, it said.

To download the presentation, click here.

To view the entire session, click here.

Presented by Fortinet and produced by MESA, CDSA’s Content Protection Summit is sponsored by Convergent Risks, Richey May Technology Solutions, GeoComply, Signiant, Verimatrix, Shift Media, EIDR and EZDRM.