Ransomware Is a Real Threat, but Don’t Forget the Botnets

There’s a far more potent security threat to worry about.
MR. TECH

Another crippling ransomware attack has struck computers at organizations around the world. It’s massively inconvenient, damaging, expensive for all those affected, and part of an ever-growing trend of holding files hostage. But it’s also by no means the most severe cybersecurity threat that we face right now.

Chernobyl’s nuclear plant, India’s largest container port, and U.S. hospitals were among the many organizations hit yesterday by the new strain of ransomware, called NotPetya. Like last month’s WannaCry attack, the malware encrypts files and demands payment in Bitcoin in return for their release. (Though requests will go unanswered, since the e-mail address ransom payers were to use to communicate with the hackers has been shut down.)

Like its predecessor, it uses a Windows flaw known as EternalBlue, identified by and leaked from the NSA, to infiltrate devices. But unlike WannaCry, it can’t be halted with a simple kill switch. It appears that NotPetya finds a host via hacked software updates and then spreads by capturing administrator credentials from a computer’s RAM. That allows it to move across an entire organization’s network fairly quickly.

It’s so far unclear who’s behind the attack. But given particularly heavy targeting of Ukrainian systems—in fact, the nation has suffered three large ransomware attacks in the last month—it’s thought that Russia may be involved.

It’s worth taking a moment to contextualize the problem, though. To be sure, ransomware attacks can cripple organizations—in the best cases they waste time and energy while systems are restored from backups, while in the worst they can destroy data or force victims to pay large sums of money. And it is undeniably unpalatable when such attacks are targeted at organizations like hospitals, where they could literally be a matter of life and death.

But the current attacks leverage a vulnerability in Windows XP—whose service pack 3 is almost 10 years old and no longer supported by Microsoft (though the company has stepped up and provided updates to patch the recently abused flaws). While it’s unfortunate that so many organizations still rely on such an operating system, it is very much a solvable problem that can be overcome given the correct allocation of resources.

The same can’t be said for perhaps the biggest security threat that we face today: botnets. These collections of Internet-connected devices, such as webcams or digital video recorders, are increasingly corralled to nefarious ends, often to perform distributed denial of service (DDoS) attacks that overwhelm a server with data requests in order to prevent normal queries from being answered.

Case in point: last year, the so-called Mirai botnet was leveled at Dyn, a domain-name-system host used by thousands of websites to manage the process of pointing computers to the correct files when a user requests a Web page. The result was widespread Internet outages across the East Coast.

The security expert Bruce Schneier, who wrote an article for MIT Technology Review naming botnets of things one of our 10 breakthrough technologies of 2017, said the trend will only continue to grow. “Botnets will get larger and more powerful simply because the number of vulnerable devices will go up by orders of magnitude over the next few years,” he explained. “Expect more attacks like the one against Dyn in the coming year.”

The results could become much more severe as such attacks are leveled at more, and more important, centralized Web services. In theory, far larger networks and chunks of the Internet could be taken down. Importantly, the problem here is that a system could be compromised not by an organization’s failure to keep systems up to date, but by an onslaught generated from cheap and poorly secured connected devices in homes and businesses. And even security products designed to fend off DDoS attacks can’t always block the largest of them.

Security experts have warned Congress that this is a very real problem, which is likely to be solved only via regulations on Internet of Things devices. The Trump administration has vowed to crack down on botnets, but its proffered solutions are at best a long shot. That means botnets remain a potent security threat that is incredibly difficult to defend against. And while ransomware may be making the headlines right now, it would pay to remember the bots are still out there.

(Read more: The Register, Guardian, “The WannaCry Ransomware Attack Could’ve Been a Lot Worse,” “10 Breakthrough Technologies: Botnet of Things,” “Holding Data Hostage: The Perfect Internet Crime?”)
