BID® Daily Newsletter
Dec 20, 2018

BID® Daily Newsletter

Dec 20, 2018

Thinking About And Preventing Botnet Activities

Summary: Botnets do have legitimate purposes, such as web indexing, but their dark side predominates. What community bankers should know.

AARP recently did some research around common smartphone activities for people ages 50Ys or older. The most common were: instant messages or emails (88%), traffic information (77%), downloading an app (69%), surfing the internet (64%), getting news and other information (62%), social networking (60%), using a voice activated assistant (45%), making a purchase (35%), and performing banking or financial transactions (35%). Now, consider the age of these customers and the fact that mobile banking ranked well behind using a voice activated assistant. It sure is something to think about.
The more people use technology, the more the bad guys target the good ones and the more potential for sneaky botnet activity. By definition, a botnet is a network of computers that has been infected with malicious software so it can be controlled as a group without the owners' knowledge.
Botnets do have legitimate purposes, such as web indexing, but their dark side predominates. Botnets have also fueled the spam industry's epic growth, vastly expanding the volume of unwanted email messages.
In the traditional transmission route, users receive emails sent from previously infected computers and open attachments that in turn infect their own networks.
But, botnets can also wriggle into your bank in other ways. Phishing emails might trick employees into visiting malicious websites, which then infect computers using a technique called drive-by downloading. Unlike a pop-up download, which asks the user for approval, drive-by downloads happen without any user participation. Or a virus might install alongside a staff-requested application, a form of attack known as a barnacle. An employee might accidentally bring a botnet virus into the office on a laptop or jump drive too.
In these instances, the end result is the same: malicious software downloads from the website to the employee's computer, turning that machine into a new part of the botnet. The virally infected computer is essentially an electronic zombie that the attacker can use to infiltrate a corporate network, send out spam, launch denial of service attacks, or harvest keystroke data, such as passwords and online banking information.
Fortunately, a lot can be done to protect against botnet attacks:
  1. Start with having proper security in place
  2. Add security patches to key applications
  3. Control network access
  4. Use strong, two-factor authentication
  5. Ensure that your IT policy covers the safe use of USB thumb drives and laptops, or block them entirely.
  6. Remove local administrative privileges
A complete anti-botnet security approach should also include scanning incoming and outgoing data for malicious data, safeguards against Trojan horse attacks, traffic pattern management, web application firewalls, and products that identify and remove botnets, if you think your system is compromised.
All in all, community banks should stay on top of the latest botnet threats, warn customers and regularly review your bank safeguards to stay out of harm's way.
Subscribe to the BID Daily Newsletter to have it delivered by email daily.

Related Articles:

Educating Customers on the Risks of Gaming Platforms
Online gaming platforms have become extremely popular in recent years, with 76% of children under 18 playing regularly and connecting their parents’ credit cards and bank cards to their gaming accounts. Financial education about the risks of online gaming payments can add value for young and older customers alike.
Spoofers Target CFI Customers
A June 2022 report from Allure Security, a cybersecurity firm that specializes in protecting financial institutions, says that about 20% of CFI’s are the targets of website impersonation attacks. Rather than simply assume that website impersonation attacks are something that happens to larger banks, CFIs should be proactive about protecting themselves and their customers from this kind of fraud. We explore a few tactics to keep your CFI and your customers safe.