TechCrunch reports that cyber criminals have brought a botnet back to life, and like all zombies, this reanimated botnet is stronger than before!
Botnets are massive collections of computers that hackers use to launch DDoS attacks. By tricking users into clicking on bogus links or downloading malware, hackers are able to install malware on millions of computers across the world. When called upon, these computers try to access one site, overwhelming it with traffic and causing it to shut down.
The fascinating thing about this particular botnet – called GameOver Zeus – was that it was dismantled back in June. After security researchers disabled the original version of the botnet, hackers rebuilt GameOver Zeus stronger and added features that would make it harder to stop.
Let's take a look at how hackers have used this botnet to steal $100 million and what that means for IT contractors and security consultants who need to protect their clients from cyber theft.
Night of the Living Cyber Threat: The Botnet That Bites Bank Accounts
Recently, we've seen botnets that were designed to ransom money from web hosts after shutting down their services (see "Web Host Liabilities: How Hackers Can Shut Down Your Clients' Website"), but GameOver Zeus has set its sights on larger sums of money.
The botnet's makers use the DDoS attack as a smoke screen. While users' servers are shut down, hackers steal money from their bank accounts. By the time their servers are up and running, it's too late for users to stop the cyber threat.
So far, it's estimated that GameOver Zeus has stolen over $100 million using this distraction technique.
Researchers were able to neutralize the first attack by stopping the servers the hackers were using to launch their attack. Unfortunately, when hackers brought their botnet back from the dead, they decided they would change their attack methods. Rather than launching attacks from a few servers, they now attack from seemingly random servers, making it hard for cyber security experts to protect their clients.
Cyber-Zombie Survival Guide: How IT Professionals Can Address Cyber Liability
Attacks like GameOver Zeus demonstrate just how difficult it can be to combat cyber attacks and prevent identity theft and data breaches. Often, when security researchers are able to stop an attack, they're really giving cyber criminals a road map that shows how to improve their next cyber attack.
By shutting down its servers, security analysts pointed out the weak point in the GameOver Zero strategy. When hackers resurrected it, they changed their tactics, using random servers in a difficult-to-stop decentralized attack.
That's the nature of cyber security. It's a constant back-and-forth battle – like a zombie movie with way too many sequels.
So how do IT professionals cover their cyber liability?
- Stay up-to-date. In order to prevent identity theft and data breaches, you need to know what the latest attacks are. You also need to keep client software completely up to date. Delaying updates can be disastrous because cyber criminals reverse engineer software patches to find security flaws in old software.
- Educate your clients. In addition to teaching clients the basics about cyber security, it's a good idea to inform them of new risks. For instance, spear phishing attacks have become more prevalent, and are now much more likely to target small businesses than they were two years ago.
- Insure your risk. As a tech contractor, you can be sued if the IT solutions you install have a security weakness. This is called "third-party cyber liability" and can be covered with your Professional Liability Insurance.
It's an unfortunate reality that tech contractors are liable for the software and IT solutions they install, even if they don't write the software. Say you use FireEye or other industry-standard software to detect attacks on a client's network. If FireEye doesn't catch an attack or doesn't flag it properly, you could be sued for recommending software that didn't deliver.
Because you have third-party cyber liability, it's crucial that you plan for the worst. Though not as bad as a zombie apocalypse, a lawsuit can bring your business to a screeching halt. You need insurance that covers your IT liabilities.
If you'd like to learn more about the cost of insuring your small business and covering your cyber risks, see these sample insurance quotes for IT companies.