Improving device security, better coordination between infrastructure companies, and smarter procurement by businesses are all part of tackling the botnet menace, according to a US government report.
The snappily titled "Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats"[1] report is the result of an executive order signed by President Donald Trump last May aimed at strengthening the cyber security of federal networks and critical infrastructure.
Botnets and the distributed denial of service (DDoS) attacks they deliver are a growing menace[2].
The traditional way of dealing with DDoS was, in effect, for network providers to build in excess capacity to absorb the impact of an attack. However, these incidents have grown in size to more than one terabit per second, far outstripping expected size and excess capacity.
On top of this, standard ways of dealing with DDoS are unable to stop other uses of botnets, such as spreading ransomware. And as botnets add insecure Internet of Things (IoT) devices[3] to magnify their attacks, future incidents can only increase in scale and complexity.
The report from the Department of Homeland Security and the Department of Commerce highlights a number of changes that need to be made.
Infrastructure providers should share more data about evolving threats (especially with smaller, less well-funded, or niche players) and see what benefits come from a move to IPv6, the report said.
Enterprises need to isolate legacy devices and other devices that cannot be secured, deploy on- and off-premises DDoS mitigation services, and rethink their network architectures.
Industry and law enforcement should work to find ways to coordinate more often and earlier to detect and prevent threat activity, and to