Botnets Are Big Business in the Hacker World and Are Costing US Businesses Plenty Every Day


With Microsoft’s Digital Crimes Unit and the FBI liberating over 2 million PCs earlier this month from a cyber-crime ring using them as a botnet believed to be responsible for siphoning over $500 million from bank accounts across the globe, there can be no doubt that botnets and organized cyber crime continue to exact a high toll on businesses everywhere. Global Digital Forensics founder, Joe Caruso, discusses how botnets are created and used, and what steps businesses should take to survive the onslaught.


Hacker botnets are costing US businesses big money


To put half a billion dollars in perspective, that sum in $100 bills would weigh about 5 metric tons. That is how much money hackers are believed to have siphoned from the coffers of hundreds of financial institutions of every size, from local credit unions to the high-powered global banks everyone is familiar with. The United States, Europe and China were hit hardest. This particular vanishing-cash act was carried out by leveraging the combined power of millions of compromised computers known as the Citadel botnet. Earlier this month, Microsoft’s Digital Crimes Unit, the FBI and authorities in over 80 countries banded together to free over 2 million enslaved PCs from it. “When any business is targeted by a large botnet, the potential for catastrophe is certainly there, and the ripple effect can really have legs,” said Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), “but there are concrete steps that can and should be taken to significantly strengthen an organization's cyber defenses against this type of threat.”

Let the enslavement begin.

“A botnet is a network of compromised systems that do the bidding of whoever is at the controls, and their numbers can be in the millions. The most common way hackers get initial control of someone’s system, so they can add it to their botnet collective, is by introducing malware to the system via email. Phishing and spear phishing campaigns are typically the delivery method of choice. If they can entice someone to follow a malicious link or open an infected attachment, the payload is delivered and the malware immediately starts doing what it was designed to do. In this case the Citadel Trojan was the culprit, and it gets right to work by disabling the installed antivirus software in a way that allows it to avoid detection, all while the AV software still seems to be functioning properly. Understanding and combating the threat emails can pose is essential, and we go to great lengths during our cyber threat assessments and penetration testing to help our clients make sure everyone in their organization gets on the same page, knows what to look for and how to respond to the threat, because it only takes one slip-up by one individual to throw open the doors to the organization’s entire network. And once an intruder is in, they can stay there, sometimes for years, doing whatever they want to at will. But stopping that initial entry cuts the head of the snake right off, before you ever get poisoned.”

Botnets can pack more than just one kind of punch.

“So now that the malware is invisible to the user, it is used to form a conduit to the command and control server, which will be used to take control of the system remotely and put it to work for whatever purpose the puppet master pulling the strings desires, from straight-out theft of intellectual property, account credentials and other sensitive data, to massive DDoS (Distributed Denial of Service) attacks which can cripple the online presence and functionality of even the world’s largest organizations. You also have to remember that with an intruder in your system, every digital resource you control can most likely be controlled by them too, and with that control, malware could even be introduced to your legitimate website, which will in turn infect visitors to your site as well, spreading the malware’s reach even further and putting you in a very bad situation with your clients, site visitors and vendors, and the long-lasting trust and integrity stigma that tends to follow. And if you are in a heavily regulated industry like banking or healthcare, it also opens a whole new can of worms with liability and notification nightmares, all of which directly and adversely affect a company’s bottom line.”

Steps to take to help thwart the threat

“If your business relies on digital information in any way, shape or form, the very first thing on the checklist has to be regular cyber threat assessments. The digital threat landscape is always changing, with thousands upon thousands of new variants of malware being released into the wild every day. A GDF cyber threat assessment looks at the big picture of your entire digital architecture and how it is used in daily operations, so even newer threat vectors like smartphones, tablets, and remote connections are all considered. We also review the organization’s internal policies and procedures regarding cyber security and emergency response to identify weaknesses and offer remediation steps to help close the holes. We can also deep scan your systems to reveal if you have already been compromised and help clean your systems of any malware present. Next up is our comprehensive penetration testing, where we take the role of real-world attackers and use the same techniques and tradecraft today’s hackers would use to infiltrate the client’s network. And we don’t pull any punches. We’ll try every social engineering trick at our disposal, like planting “GDF-infected” USB sticks, and have even been known to create realistic-looking dummy websites to entice our targets to divulge their credentials with a GDF-orchestrated spear phishing campaign. So far, we’ve never been unsuccessful in infiltrating our target, and every weakness we expose only serves to strengthen our clients on the cyber front. From there we can guide and assist clients with everything from best-of-breed security solutions and DDoS protection, to in-house cyber security awareness training. We also help clients develop a functional and efficient emergency response matrix which can significantly minimize the damage and aftermath of any successful cyber intrusion or data breach.”

So don’t wait, start improving organizational cyber security today with Global Digital Forensics, because like it or not, everyone is a target to cyber criminals and that could prove especially costly for the unprepared.

*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, electronic discovery (eDiscovery), cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a plan which will meet your unique needs. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit


Contact Author: Aris Demos