If you have a computer connected to a network you should assume you are under attack 24 hours a day. Because you are. The numbers are simply astonishing. I’m sure your head spins when all those network security statistics are thrown around.
Unfortunately, despite that awareness, the vast majority of security breaches on the Internet have two things in common: they exploit very simple vulnerabilities and they go undetected.
Even the breaches that are detected take far too long to remedy. On average it takes a few minutes to breach a computer’s security. It takes another few minutes to steal data. But it takes, on average, several months to figure out there was a breach, and then more time to fix it. That really is closing the barn door after the horse has bolted. In fact, after the horse has bolted, left the country and started a family!
A significant amount of all the bad things that take place on the Internet are related to botnets. A botnet is a set of computers that are remotely controlled by a bad guy. In other words, your computer may be compromised by a bad guy and is right now performing tasks without your knowledge.
These compromised computers are referred to as zombies. They become compromised when a small piece of extremely sophisticated software gets installed. And there are all sorts of ways for that to occur – the simplest is by tricking you into clicking on a link in an email. And once one machine is compromised inside your office it can replicate the bad software onto all the other machines.
These zombies are then remotely operated by a command and control server. This command and control server can communicate with thousands of zombies through an encrypted communication channel that is extremely hard to detect.
So what are these botnets of zombie computers doing? Well, they started off as the sources of all that email spam we get. They still do that. But they are also the source of all those distributed denial of service (DDoS) attacks, those floods of data that take down web sites. While many of those DDoS attacks are simply aimed at causing disruption, some of them are a diversion while another security compromise is taking place. This is what famously happened to Sony’s PlayStation Network.
Botnets are also used for click fraud. Many web sites pay for traffic sent to them when a web address on another site is clicked. If you can generate thousands and thousands of clicks you can generate revenue.
Botnets can be used to repeatedly try to access online accounts. They use combinations of passwords and IDs in a systematic way. Or they perform spamdexing: manipulating the way search engines (like Bing) rank results so that the “spamdexed” site appears higher in the rankings.
Or they may just be delivering all your sensitive data to a bad guy.
I think you get the point.
Level 3 recognizes both the scale of this activity and the difficulty many companies have in detecting and stopping it. Some time ago we built a sophisticated system to monitor and protect our own network. We had a bit of an advantage. Because of the size of our IP networks (both in total bandwidth capacity and in terms of their geographic breadth) we have a lot of traffic flow data to look at. While at first this is overwhelming, it does give us the opportunity to look for very particular patterns within those traffic flows. The algorithms we built to find and detect botnet activity AND to detect where the command and control computers are located took several years and were computationally extremely difficult.
The good news is that we’ve been using that system for some time, and not only have we identified, stopped or quickly quarantined compromised machines, but our work has also led to several arrests.
The even better news is that we are now extending this benefit to our customers. For free.
We monitor tens of millions of traffic flows across our Internet Services every day. When we find these botnets, our security team immediately addresses the risk to our Internet Services customers by ensuring that transmission from the command and control host is terminated as quickly as possible. By stopping this communication path we can help to protect our customers from further attack or infection from these now “headless” botnets.
But we can also extend that service further. If you buy our Managed Security Services as well as our Internet Services, we will automatically configure the firewall installed in your building as soon as we find a new threat, creating a truly proactive mechanism for protecting our customers’ networks.
This is an ongoing battle. But Level 3 is doing what it can to protect its portion of the Internet. If you’d like to be connected to a safer corner of the Internet, or to have the backing of one of the most sophisticated security teams in the industry, check out our new Steel Thread Internet Services.