Bot-driven cyberattacks and other fast-spreading malware have been making some pretty big waves of late. The Mirai botnet, for example, launched several record-setting distributed denial-of-service (DDoS) attacks starting in September 2016. The subsequent release of the Mirai source code opened the door for a new wave of botnets, as the U.S. Computer Emergency Readiness Team (US-CERT) noted in an alert. After the WannaCry ransomware, which affected systems in 150 countries last year, was halted by a “kill switch,” hackers reportedly used Mirai copies to try to relaunch it. Other notable, fast-spreading attacks include Hidden Cobra, Petya, and NotPetya.
The autonomous propagation of malware has become a focus of the Department of Defense (DoD) and the intelligence community because of the threats it poses to government and private-sector operations. A presidential executive order last May classified botnets as a high-priority national security issue. And Navy Adm. Michael S. Rogers, the director of the National Security Agency and commander of the U.S. Cyber Command, last week warned Congress about the rise of cyber threats across the board. “Today we face threats that have increased in sophistication, magnitude, intensity, velocity, and volume, threatening our vital national security interests and economic wellbeing,” Rogers said.
Botnet and ransomware attacks operate similarly to other cyberattacks, but their speed and evolving tactics for avoiding detection can make them a serious–and growing–threat.
“These attacks have massive impact on global organizations, and have the capability to shut down operations entirely,” Brian Hussey, vice president of Cyber Threat Detection and Response at cybersecurity company Trustwave, said via email.
The growing sophistication of the attacks also has taken ransomware past the point of just criminals trying to swindle people out of money, and into the realm of cyberwar or cyberterrorism, Hussey said. He noted how NotPetya, in an attack the United States and U.K. blamed on Russia, was used in June 2017 to destabilize Ukraine. “The victims in that attack were clearly based on country level aggression, so much so that the ‘payoff link’ for the ransomware wasn’t even valid,” Hussey said. “Profit was not the motivator, destruction was. This changes the game and points to more sophisticated ransomware type attacks coming in the near future.”
Interestingly, WannaCry, Petya, and NotPetya all exploited a flaw in Microsoft Windows through an exploit called EternalBlue, which is believed to have been developed by the National Security Agency and later released online by a hacker group.
DoD’s research arm wants to fight automation with automation, using a program called Harnessing Autonomy for Countering Cyberadversary Systems, or HACCS, which is looking to develop automated software capable of countering botnets and other large-scale malware attacks. The Defense Advanced Research Projects Agency (DARPA) has so far awarded HACCS contracts to three organizations: Sotera Defense Solutions, Systems Technology & Research, and Arizona State University. The contracts are in the $7 million to $8 million range, which isn’t large by DoD standards, but they are part of the larger effort to protect the Internet of Things (a target of Mirai), government systems, and industry. Defense contractor Boeing was among the companies hit by WannaCry, although the company said the impact was minimal.
“Current incident response methods are too resource and time consuming to address the problem at scale,” DARPA says. The agency wants to develop a scalable and quick method of identifying and neutralizing botnets, even if the affected organizations aren’t aware that they’ve been hit. HACCS is looking to develop ways to accurately identify botnets, develop non-disrupting software countermeasures, and create reliable software agents that can patrol networks hit by a botnet and disable botnet implants.