Sunday, February 17, 2019

WHAT ARE BOTNETS AND THEIR TYPES - EC-Council Certifications


We constantly use the internet to run our lives and the digital devices we depend on. Along with our connection to the internet comes exposure to its side-effects: viruses, spam, criminal hackers, and online fraud. The number of phishing sites, malicious emails, destructive viruses, and similar threats has increased not just in the U.S. but globally. Of the various internet-borne threats that individuals and businesses face today, the botnet is the most prevalent. A botnet is a network of computers that are remotely controlled by hackers.

Botnets are used by criminal hackers to spread ransomware to your laptop, phone, tablet, desktop computer, and other devices. They can go undetected, so you may not even know that your device is part of a botnet.

What is a Botnet?


The word ‘botnet’ is a combination of two words, ‘robot’ and ‘network.’ A cybercriminal acting as the botmaster uses Trojan viruses to breach the security of many computers and connects them into a network for malicious purposes. Each computer on the network acts as a ‘bot’ and is controlled by the attacker to transmit malware, spam, or other malicious content in order to launch an attack. A botnet is also known as a zombie army, since the computers involved are controlled by someone other than their owner.

Botnets originated as tools in internet relay chat (IRC) channels. Spammers eventually exploited vulnerabilities in IRC networks and developed bots of their own, built deliberately to perform malicious activities such as keystroke logging and password theft.

Botnet Structure


The structure of a botnet usually takes one of two forms: the client-server model or the peer-to-peer model.

Client-server model

In the client-server botnet structure, a basic network is established with one server acting as the botmaster. The botmaster controls the flow of information to and from each client to establish command and control (C&C) over the client devices. The client-server model relies on special software and allows the botmaster to maintain control. It has a few drawbacks: it can be located easily and it has only one control point. In this model, if the server is taken down, the botnet perishes.

Peer-to-peer

To overcome the drawback of relying on one centralized server, botnets have evolved. Newer botnets are interconnected in a peer-to-peer (P2P) structure. In the P2P botnet model, each connected device works independently as both a client and a server, coordinating with its peers to update and relay information between them. The P2P structure is more resilient because there is no single centralized point of control.
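The difference between the two structures is easiest to see by simulating a takedown. The following Python script is an added example written for this article, not code from the original post or from any real botnet: it builds a star-shaped client-server topology and a random peer-to-peer topology (sizes, peer counts and the random seed are constructed assumptions), removes one node, and measures what fraction of the remaining nodes can still reach each other. Taking down one bot in the client-server model changes nothing, taking down the server leaves every bot isolated, while the P2P network barely notices the loss of a single node.

```python
# Added example (not from the original article): simulating what happens to a
# client-server botnet and to a peer-to-peer botnet when one node is taken down.
# The topologies, sizes and peer counts below are constructed for illustration.
import random
from collections import deque

SERVER = 0  # in the client-server topology, node 0 is the C&C server


def build_client_server(num_bots):
    """Star topology: every bot talks only to the single C&C server."""
    edges = {SERVER: set(range(1, num_bots + 1))}
    for bot in range(1, num_bots + 1):
        edges[bot] = {SERVER}
    return edges


def build_peer_to_peer(num_bots, peers_per_bot, seed=1):
    """Each bot keeps a random peer list; links are bidirectional (assumed model)."""
    rng = random.Random(seed)
    nodes = list(range(num_bots))
    edges = {n: set() for n in nodes}
    for n in nodes:
        for peer in rng.sample([m for m in nodes if m != n], peers_per_bot):
            edges[n].add(peer)
            edges[peer].add(n)
    return edges


def remove_node(edges, victim):
    """Simulate a takedown: drop the node and every link that referenced it."""
    return {n: {m for m in nbrs if m != victim}
            for n, nbrs in edges.items() if n != victim}


def largest_component_fraction(edges):
    """Fraction of surviving nodes that can still exchange commands with each other."""
    if not edges:
        return 0.0
    seen, best = set(), 0
    for start in edges:
        if start in seen:
            continue
        component, queue = {start}, deque([start])
        while queue:  # breadth-first search over the surviving links
            node = queue.popleft()
            for neighbour in edges[node]:
                if neighbour not in component:
                    component.add(neighbour)
                    queue.append(neighbour)
        seen |= component
        best = max(best, len(component))
    return best / len(edges)


def surviving_fraction(edges, victim):
    """How much of the botnet keeps functioning after `victim` is removed."""
    return largest_component_fraction(remove_node(edges, victim))


if __name__ == "__main__":
    cs = build_client_server(50)
    p2p = build_peer_to_peer(50, 4)
    print("client-server, one bot removed:", surviving_fraction(cs, 7))      # 1.0
    print("client-server, server removed: ", surviving_fraction(cs, SERVER))  # 0.02
    print("peer-to-peer, one node removed:", surviving_fraction(p2p, 0))
```

For defenders this is the whole argument for sinkholing or seizing C&C infrastructure: it works against the first structure and is nearly useless against the second, which is why P2P botnets are instead disrupted by poisoning peer lists or by cleaning many individual hosts.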

Types of Botnet Attacks


Distributed Denial of Service:

A botnet can be used for a distributed denial of service (DDoS) attack that disrupts network connectivity and services. This is done by overburdening the victim’s computational resources or by consuming its bandwidth. The most commonly implemented attacks are TCP SYN and UDP floods. DDoS attacks are not limited to web servers but can be targeted at any service connected to the internet. The severity of an attack can be increased by using recursive HTTP floods against the victim’s website, meaning that the bots follow every link on each page in a recursive way. This form is called spidering, and it is used to increase the load on the server.

One of the biggest DDoS botnet attacks of the year was IoT-related and used the Mirai botnet malware. Mirai targeted and controlled tens of thousands of poorly protected internet devices and turned them into bots to launch a DDoS attack. Mirai spawned many derivatives and continued to expand, making the attack more complex. It changed the threat landscape forever in terms of the techniques used.
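The two flood types named above leave a very recognisable footprint: a SYN flood is a burst of SYN packets that never complete the handshake, and a UDP flood is simply a burst of datagrams at one port. The Python script below is an added example, not code from the original article or from any vendor: it reads per-packet records in a constructed text format, counts SYN-without-ACK and UDP packets per destination per second, and raises an alert when a constructed threshold is crossed. The sample traffic, the record format and the thresholds are all assumptions made for the demonstration.

```python
# Added example (not from the original article): a small detector that flags
# TCP SYN floods and UDP floods in per-packet flow records. The record format,
# the sample traffic and the thresholds are all constructed for illustration.
from collections import defaultdict

SYN_THRESHOLD = 100  # SYN-only packets to one destination per second (assumed)
UDP_THRESHOLD = 200  # UDP packets to one destination per second (assumed)


def parse_record(line):
    """Constructed format: '<epoch_sec> <src_ip> <dst_ip>:<dst_port> <proto> <tcp_flags>'."""
    ts, src, dst, proto, flags = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": int(ts), "src": src, "dst": dst_ip,
            "port": int(dst_port), "proto": proto, "flags": flags}


def _alert(kind, key, count, srcs):
    second, dst_ip, dst_port = key
    return {"type": kind, "second": second, "target": f"{dst_ip}:{dst_port}",
            "packets": count, "distinct_sources": len(srcs)}


def detect_floods(lines, syn_threshold=SYN_THRESHOLD, udp_threshold=UDP_THRESHOLD):
    """Return alerts for every (second, destination) whose SYN or UDP rate is suspicious."""
    syn_counts = defaultdict(int)
    udp_counts = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        rec = parse_record(line)
        key = (rec["ts"], rec["dst"], rec["port"])
        # A SYN flood consists of SYN packets that never complete the handshake,
        # so only packets carrying SYN without ACK are counted.
        if rec["proto"] == "TCP" and "S" in rec["flags"] and "A" not in rec["flags"]:
            syn_counts[key] += 1
            sources[key].add(rec["src"])
        elif rec["proto"] == "UDP":
            udp_counts[key] += 1
            sources[key].add(rec["src"])
    alerts = []
    for key, count in syn_counts.items():
        if count >= syn_threshold:
            alerts.append(_alert("SYN flood", key, count, sources[key]))
    for key, count in udp_counts.items():
        if count >= udp_threshold:
            alerts.append(_alert("UDP flood", key, count, sources[key]))
    return sorted(alerts, key=lambda a: (a["second"], a["target"]))


def sample_traffic():
    """Constructed traffic: a SYN flood, a few normal handshakes, then a UDP flood."""
    lines = []
    for i in range(150):  # 150 SYN-only packets from 150 spoofed sources in one second
        lines.append(f"1000 198.51.100.{i + 1} 203.0.113.10:80 TCP S")
    for i in range(5):    # five clients that complete the handshake (SYN, then ACK)
        lines.append(f"1001 192.0.2.{i + 1} 203.0.113.10:80 TCP S")
        lines.append(f"1001 192.0.2.{i + 1} 203.0.113.10:80 TCP A")
    for i in range(250):  # 250 UDP packets aimed at the DNS port in one second
        lines.append(f"1002 198.51.100.{i % 250 + 1} 203.0.113.10:53 UDP -")
    return lines


if __name__ == "__main__":
    for alert in detect_floods(sample_traffic()):
        print(alert)
```

Counting distinct source addresses alongside the packet rate is what separates a flood from a single misbehaving client; a real deployment would replace the fixed thresholds with a baseline learned from normal traffic and would feed the alerts into rate limiting or upstream scrubbing rather than just printing them.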

Spamming and Traffic Monitoring:

A bot can be used as a sniffer to identify the presence of sensitive data on the infected machines, or zombies. It can also detect competing botnets installed on the same machine, which can then be hijacked by the bot’s commander. Some bots offer to open a SOCKS v4/v5 proxy (a generic proxy protocol for TCP/IP-based networks). When the SOCKS proxy is enabled on a compromised machine, it can be used for various purposes, such as spamming. Bots use a packet sniffer to watch the data passing through the compromised machine, and the sniffer can retrieve sensitive information such as usernames and passwords.

Grum is a spam botnet that is hard to detect because it infects files used by Autorun registry entries. This botnet has attracted researchers’ attention because it is relatively small, with only 600,000 members, yet accounts for 40 billion spam emails per day, approximately 25% of all spam.

Keylogging:

With the help of a keylogger, it becomes easy for a botmaster to retrieve sensitive information and steal data. Using a keylogger program, an attacker can filter the captured keystrokes down to only those typed around words of interest, such as PayPal or Yahoo.

A kind of spyware identified as OSX/XSLCmd, ported from Windows to OS X, includes keylogging and screen capture capabilities.

Mass Identity Theft:

Different kinds of bots can be combined to perform large-scale identity theft, one of the fastest growing crimes. Bots send spam emails that direct traffic towards fake websites set up to harvest personal data. Bots can be used to impersonate a legitimate company and ask the user to submit personal details such as bank account passwords, credit card details, and tax details. Mass identity theft can be performed using phishing emails that trick victims into entering login credentials on look-alike versions of sites like eBay, Amazon, or even their banks.

Pay-per-click abuse:

Google’s AdSense program allows websites to display Google advertisements and thereby earn money from them. Google pays website owners based on the number of clicks their advertisements gather. Compromised machines are used to click on a site automatically, inflating the number of clicks reported to the company that placed the ad.

Botnet spread:

Botnets are also used to spread other botnets by convincing the user to download a specific program, which is then delivered through email, HTTP, or FTP. Botnets are an effective way to spread an email virus. In January 2017, two security researchers discovered a ‘Star Wars’ Twitter botnet comprising 350,000 bot accounts that tweeted random quotes from the movie franchise. If such bots are left in place, they may create fake trending topics to sway public opinion, send unsolicited spam, launch cyber attacks, and more.

Adware:

Adware attracts users through advertisements on web pages or in apps. It appears on machines without the users’ knowledge or permission, with legitimate ads replaced by fraudulent ones that infect the system of any user who clicks on them.

Adware looks like harmless ads but uses spyware to collect browser data. Anti-adware software is required to remove it. Though many free and paid versions of anti-adware are available, it is best to opt for a licensed one. Many virus scanning packages also come with anti-malware software.

Botnets can be expelled from, or stopped from entering, our machines using anti-malware software that spots infections on the hard disk or in network traffic and treats them immediately. Beyond that, the most effective approach is a full-fledged education in how to fight botnets.




Tuesday, February 5, 2019

THE RISE OF DNS HIJACKING AND HOW TO AVOID IT - EC-Council Certifications


Recent years have seen the re-emergence of a type of threat that many of us in the cyber-security industry had hoped was a thing of the past. DNS hijacking attacks work by redirecting users to fake or malicious web pages, and they operate in such a simple way that they can be very hard to detect and combat.

In order to understand what DNS hijacking is, it is necessary to know how your computer knows where to find websites and other services. Though websites are typically identified by the .com or .net address that we type into a browser, in reality all web hosts are assigned a unique IP address, just like all other computers and devices. The domain name system (DNS) is the global service that translates fully qualified domain names (for example www.eccouncil.org) into IP addresses.

Protecting Yourself: Do The Basics First


Since the most common ways in which DNS hijacking is implemented are man-in-the-middle and malware attacks, the techniques you can use to protect yourself are very similar to those used to guard against many other forms of attack.

Primarily, this means doing all the basic things that you are already doing (or should be) to protect yourself online. Use updated security software, and make sure that security patches and updates are installed on all your hardware as soon as they are available. Avoid clicking on suspicious links in emails or on social media, and be wary of sites that you are not familiar with or that look untrustworthy. Protecting your router is also an important factor in combating DNS hijacking attacks. Make sure that you change the default admin username and password for the router, as every hacker on the planet knows the default ones!

Other forms of DNS hijacking are more difficult to avoid. You cannot do anything about a website being compromised, for instance, but you should be able to spot unusual pop-ups or other elements in pages that you visit regularly. You should also avoid using public Wi-Fi networks to send or receive personal information, or to log into sites that require a password or username. You should also be very suspicious of public networks that allow you to log in without presenting you with a ‘terms of service’ page.

Shore Up Your DNS Security


There are also more specific ways of protecting against DNS hijacking. A good first step is to implement Domain Name System Security Extensions (DNSSEC) on all your machines. This is an industry-wide security standard that allows domain owners to monitor traffic on their own domains and thereby check for suspicious activity. Domain owners are also able to sign their domains’ zones, enabling DNS resolvers to verify the authenticity of all DNS responses.

Another good way of protecting yourself against DNS redirects is to change your default DNS server. By default, computers and routers will connect to the global DNS service based on your local internet service provider (ISP). For example, if you subscribe to a Comcast internet package, then you have access to Comcast’s version of the DNS database, which will typically route your traffic in the most efficient manner.

However, there are third-party options available that can take over responsibility for DNS resolution. [5] Two of the most popular services are OpenDNS and Google DNS, both of which offer free solutions. By simply pointing your router’s DNS settings at the third-party addresses, you can bypass your ISP’s resolver completely.

If you change your DNS server, though, be wary of any DNS solution that does not come from a reputable company or nonprofit organization. Giving control of your DNS addresses to a rogue group could actually increase your risk of DNS hijacking. The most secure solution is a paid offer from OpenDNS, which will automatically filter out suspicious traffic from fraudulent websites.

Encrypt Connections


Virtual private networks are most commonly associated with businesses or individuals who want to make remote access possible through secure channels. But the advantages of VPN services extend to other aspects of networking, including protection from DNS hijacking.

When you configure a VPN connection from a computer or mobile device on your local network, an encrypted tunnel is created between your ISP and the VPN host. Information between these endpoints cannot be hacked or stolen. This works in a similar fashion to third-party DNS tools, as a VPN will bypass your router settings and perform DNS lookups automatically.

Be warned, however, that not all VPNs are created equal. There are in fact (at least) four different types of VPN, ranging from client-level browser add-ons to more secure ‘tunneling’ systems like IPSec [6]. Just like with DNS alternatives, you need to be able to trust the developer of the VPN solution you choose. While there are hundreds of companies selling VPN services – as with the DNS tools mentioned above – the pool of choices that provide service worth paying for is smaller. MUCH smaller. You should be aware some VPN providers will filter your network traffic, block certain websites, and even log your browsing habits.

OpenVPN is generally considered to be the best protocol for VPN traffic [7], but many people prefer to use L2TP/IPSec because it can improve performance over encrypted connections. However, if you are using a VPN to protect against DNS hijacking, or in fact any other threat, do not use L2TP/IPSec if you can help it. Put simply, it is not as secure as a fully featured VPN service, and a slightly slower connection is a small price to pay for greatly improved security.

Keep Vigilant


If a hacker manages to infiltrate your local network and launch a DNS hijacking attack, the impact could be felt in a number of ways. [8] First, you may notice that web pages are loading slowly or appearing differently than they did before. This is evidence of a spoof attack, where the hacker has redirected your browser to a dangerous look-alike of a popular website, such as Apple’s or Amazon’s homepage.
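Two of the checks described in this article, that a resolver’s answers are DNSSEC-validated (the ‘Shore Up Your DNS Security’ section) and that the addresses you are being sent to are the ones you expect (this section), can be scripted. The Python below is an added example, not code from the original article or from any DNS vendor: it parses `dig +dnssec`-style output for the AD (authenticated data) flag and the A records, compares the answers against a known-good address, and reads a resolv.conf-style resolver list to flag any resolver that is not on an allowlist. The dig outputs, addresses, resolver list and the ‘expected’ values are all constructed for the demonstration; the AD flag and the `nameserver` keyword are real syntax.

```python
# Added example (not from the original article): checks a defender can script to
# spot a hijacked resolver or an unvalidated answer. It parses `dig +dnssec`-style
# output and a resolv.conf-style resolver list. The outputs, addresses and the
# "expected" values below are constructed; the AD flag and resolv.conf syntax are real.
import re

# Constructed: what a healthy, DNSSEC-validated lookup of a hypothetical
# name looks like (203.0.113.5 is the address we expect for it).
GOOD_DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
www.example.net.    300 IN A     203.0.113.5
www.example.net.    300 IN RRSIG A 13 3 300 20240201000000 20240101000000 4242 example.net. (constructed signature)
"""

# Constructed: a response from a rogue resolver; no AD flag and a different address.
HIJACKED_DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
www.example.net.    60  IN A     198.51.100.77
"""

FLAGS_RE = re.compile(r"^;; flags: ([^;]*);", re.MULTILINE)
A_RECORD_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+A\s+(\S+)\s*$", re.MULTILINE)


def parse_dig_output(text):
    """Return (set of header flags, list of A-record addresses) from dig-style output."""
    match = FLAGS_RE.search(text)
    flags = set(match.group(1).split()) if match else set()
    addresses = [ip for _, ip in A_RECORD_RE.findall(text)]
    return flags, addresses


def check_response(text, expected_ips, require_validation=True):
    """Findings (empty when all is well) for one DNS answer."""
    flags, addresses = parse_dig_output(text)
    findings = []
    # The AD flag means the resolver validated the DNSSEC chain for this answer.
    if require_validation and "ad" not in flags:
        findings.append("answer was not DNSSEC-validated (no AD flag)")
    unexpected = [ip for ip in addresses if ip not in expected_ips]
    if unexpected:
        findings.append("unexpected address(es) in answer: " + ", ".join(unexpected))
    if not addresses:
        findings.append("no A records in answer")
    return findings


def check_resolvers(resolv_conf_text, allowed_resolvers):
    """Return resolvers from 'nameserver' lines that are not on the allowlist."""
    configured = re.findall(r"^\s*nameserver\s+(\S+)", resolv_conf_text, re.MULTILINE)
    return [ip for ip in configured if ip not in allowed_resolvers]


if __name__ == "__main__":
    expected = {"203.0.113.5"}
    print("good:    ", check_response(GOOD_DIG_OUTPUT, expected))
    print("hijacked:", check_response(HIJACKED_DIG_OUTPUT, expected))
    # Constructed resolv.conf: one approved resolver and one that was silently added.
    conf = "search corp.example\nnameserver 192.0.2.53\nnameserver 198.51.100.1\n"
    print("rogue resolvers:", check_resolvers(conf, {"192.0.2.53"}))
```

The AD flag is only meaningful if you trust the path to the resolver, which is exactly what a hijacked router or a rogue DNS server breaks, so the resolver allowlist check is the one to run first; an answer that fails both checks at once is the classic sign of the spoof attack described above.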

Cross-site scripting (XSS) attacks are often paired with DNS hijackings, as they will allow hackers to obtain private information through a web browsing session. For example, XSS can allow for rogue JavaScript code to be run and initiate a pop-up window or automatic redirect. From there, any entry of email addresses, passwords, or other personal information can be stolen and used with malicious intent.

The simple rule for protecting against XSS and similar attacks is to always be mindful of what URL your browser is pointing to. If the domain portion of the address, which contains the .com or .net, looks unfamiliar, then you should immediately close the browser and check your DNS settings for potential tampering. It’s also important to verify that the website you’re viewing has a valid secure sockets layer (SSL) certificate, indicated by the lock icon in the address bar. You should never enter credit card numbers or personal information into a web form that is not secured with SSL.
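The XSS behaviour described above (rogue JavaScript injected into a page) and the address-bar rule can both be made concrete. The Python below is an added example written for this article, not code from the original post: `render_greeting_unsafe` is a deliberately vulnerable snippet that pastes untrusted input straight into HTML, `render_greeting_safe` is the same page with the input HTML-encoded, and `url_is_expected_site` is the ‘is this the domain I expect, over HTTPS?’ check made explicit, including two look-alike tricks it must reject. The sample payload and domain names are constructed.

```python
# Added example (not from the original article): the two browser-side failures the
# section describes, shown from the defender's side. The expected domain and the
# sample inputs are constructed for the demonstration.
import html
from urllib.parse import urlparse


def render_greeting_unsafe(name):
    """Vulnerable: untrusted input is placed into HTML without encoding."""
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name):
    """Hardened: HTML-encode the input so markup in it is shown as text, not executed."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def url_is_expected_site(url, expected_domain):
    """True only if the URL is HTTPS and its host is expected_domain or a subdomain of it.

    Look-alikes such as 'www.example.net.evil.example' and the user-info trick
    'https://www.example.net@evil.example/' are rejected: urlparse reports the
    real host (the part after '@'), and a suffix match on '.expected_domain'
    does not accept a longer domain that merely starts with the expected one.
    """
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    expected = expected_domain.lower()
    if parts.scheme != "https":
        return False  # the article asks for a certificate-backed (lock icon) connection
    return host == expected or host.endswith("." + expected)


if __name__ == "__main__":
    payload = "<script>alert('stolen')</script>"  # constructed XSS canary
    print(render_greeting_unsafe(payload))
    print(render_greeting_safe(payload))
    for candidate in ["https://www.example.net/login",
                      "http://www.example.net/login",
                      "https://www.example.net.evil.example/login",
                      "https://www.example.net@evil.example/login"]:
        print(candidate, url_is_expected_site(candidate, "example.net"))
```

On the server side, output encoding of this kind (plus a Content-Security-Policy header) is what stops the injected script from running at all; on the user side, the URL check is the habit the article is asking for, and the two rejected look-alikes show why reading only the start of an address is not enough.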

Final Thoughts


Obviously, no solution is foolproof but just in case you presume yourself to be residing in a magical bubble of invulnerability from hack attacks like DNS hijacking, let us be the ones to say you probably aren’t.

This kind of nefarious behavior hits real computer systems and hurts real people every day. You’re not immune. Please take the preceding cautions to heart and you just might jam up a few bad guys along the way.




Tuesday, January 22, 2019

EC-COUNCIL ANNOUNCES 2018 ACADEMIA PARTNER AWARD WINNERS AT BLACK TIE GALA


The finalists for four award categories in the EC-Council Academia Partner awards program attended a black-tie gala in their honor in Atlanta, GA on September 13th prior to the annual Hacker Halted and Global CISO Forum conferences on the 14th and 15th.

In a black-tie ceremony, EC-Council honored academic leaders and innovators in information security by recognizing finalists and winners in four categories. The Academia Awards precede both Hacker Halted, EC-Council’s largest annual cybersecurity conference, and the Global CISO Forum, EC-Council’s premier executive-level event. EC-Council’s Academia Awards recognize institutions each year that impact others through their commitment to educate and make a difference in the cybersecurity workforce. EC-Council Academia Award recipients are first selected based on a specific award qualification category and criteria. EC-Council’s Executive Committee reviews each nominee’s impact, assessing their faculty, student experiences, industry exposure, and more prior to voting on an award recipient.

The first award category was the Academia Best New Comer of the Year award. This award is presented to an institution based on their commitment to educate and make a difference in the Cybersecurity workforce, student feedback on EC-Council courses and faculty, evaluation reports, student interaction, ratio of students who move on to test out on EC-Council certification, and volume of students educated in Cybersecurity.

The 2018 award winner was Queens College of Business Technology and Public Safety (Lambton College) in Mississauga, Canada. The college mission is to ensure that students are equipped with the most current and relevant tools to succeed in the workplaces of today and tomorrow. In a world of ever-increasing interconnectedness, the demand for properly trained security experts is increasingly vital. As such, equipping people with the principles, tools, techniques, and practical steps to defend against cyber threats is one of the fundamental imperatives of the institute.

The next Academia award is the Academia Innovator of the Year award. This award is EC-Council Academia’s newest award category. The winner of this award was based on their commitment to educate and make a difference in the Cybersecurity workforce, instructor engagement and course development, student interaction, and continuous technology development in the classroom.

The winner of this year’s award was Western Nevada College. Western Nevada College is a comprehensive community college that serves more than 5,000 students each year within a five-county area, spanning more than 10,000 square miles. Since 1971, Western Nevada College has helped students embark on the road to success by preparing them for a variety of careers through associate and bachelor’s degrees, industry certifications and workforce training. WNC offers exemplary academics, small classes, affordability and student satisfaction. Many Western grads become leaders in their communities and excel in their professions. With campuses in Carson City, Minden, and Fallon, and multiple online degrees and classes, Western can meet many students’ needs, whether they are residing in remote parts of Nevada or trying to fit in their education while balancing their commitments to work and family.

The next Academia award category is the Academic Circle of Excellence. This award is presented to five institutions. The criteria for this category include the commitment to educate and make a difference in the cybersecurity workforce, student feedback on EC-Council courses and faculty, post-class evaluation reports, student engagement, the ratio of students who move on to test out on EC-Council certifications, the volume of students educated in cybersecurity, and continuous program development.
