
BGU Researchers Combat Botnets

March 15, 2016

Homeland & Cyber Security

Motherboard — Bot networks (botnets) wreak havoc online. Millions of hacks, spam operations and online fraud campaigns perpetrated by botnets in recent years have done serious damage to law-abiding Internet users. In the U.S. alone, botnets have caused over $9 billion in losses, the FBI estimates.

Prof. Bracha Shapira

A botnet is a group of computers infected with malware that’s used to do a cybercriminal’s bidding from afar. A hacker spreads malware to thousands or millions of unprotected computers around the world, typically through spear-phishing emails with malware-infected attachments. The hacker then controls the network remotely, harnessing the bots’ combined power to carry out denial-of-service attacks or spam campaigns that scam targets out of their money.

A BGU cyber security research team, led by Profs. Bracha Shapira and Lior Rokach, has discovered and traced approximately six botnets by analyzing data collected from past cyber attacks.

Prof. Lior Rokach

BGU’s Deutsche Telekom Innovations Lab set up several hundred “honeypots” in Deutsche Telekom’s vast customer network, which comprises some 150 million people. Honeypots are designed to lure hackers by masquerading as a Web server, pretending to contain the kind of personal data that hackers love, like credit card numbers, e-mails and medical records. And in this case, it was successful.

Some of the honeypots the team set up were real databases, and the idea was “basically to just expose them to the network” and wait for them to get attacked by zombie bots, the researchers explain.

Each of the team’s honeypots was attacked thousands of times a day over a roughly one-year period. Each time they were attacked, the honeypots recorded critical information about their attackers and the way they behaved, including the attackers’ geolocation and IP address.

“We can see where the bots reside, what their IP addresses are and to which bot network they belong,” says Prof. Rokach.

Read the full article on the Motherboard website.