
    Ransomware Is a Real Threat, but Don’t Forget the Botnets

    There’s a far more potent security threat to worry about.

    Another crippling ransomware attack has struck computers at organizations around the world. It’s massively inconvenient, damaging, expensive for all those affected, and part of an ever-growing trend of holding files hostage. But it’s also by no means the most severe cybersecurity threat that we face right now.

    Chernobyl’s nuclear plant, India’s largest container port, and U.S. hospitals were among the many organizations hit yesterday by the new strain of ransomware, called NotPetya. Like last month’s WannaCry attack, the malware encrypts files and demands payment in Bitcoin in return for their release. (Though requests will go unanswered, since the e-mail address ransom payers were to use to communicate with the hackers has been shut down.)

    Like its predecessor, it uses a Windows flaw known as EternalBlue, identified by and leaked from the NSA, to infiltrate devices. But unlike WannaCry, it can’t be halted with a simple kill switch. It appears that NotPetya finds a host via hacked software updates and then spreads by capturing administrator credentials from a computer’s RAM. That allows it to move across an entire organization’s network fairly quickly.

    It’s so far unclear who’s behind the attack. But given particularly heavy targeting of Ukrainian systems—in fact, the nation has suffered three large ransomware attacks in the last month—it’s thought that Russia may be involved.

    It’s worth taking a moment to contextualize the problem, though. To be sure, ransomware attacks can cripple organizations—in the best cases they waste time and energy while systems are restored from backups, while in the worst they can destroy data or force victims to pay large sums of money. And it is undeniably unpalatable when such attacks are targeted at organizations like hospitals, where they could literally be a matter of life and death.

    But the current attacks leverage a vulnerability in Windows XP—whose service pack 3 is almost 10 years old and no longer supported by Microsoft (though the company has stepped up and provided updates to patch the recently abused flaws). While it’s unfortunate that so many organizations still rely on such an operating system, it is very much a solvable problem that can be overcome given the correct allocation of resources.

    The same can’t be said for perhaps the biggest security threat that we face today: botnets. These collections of Internet-connected devices, such as webcams or digital video recorders, are increasingly corralled to nefarious ends, often to perform distributed denial of service (DDoS) attacks that overwhelm a server with data requests in order to prevent normal queries from being answered.

    Case in point: last year, the so-called Mirai botnet was leveled at Dyn, a domain-name-system host used by thousands of websites to manage the process of pointing computers to the correct files when a user requests a Web page. The result was widespread Internet outages across the East Coast.

    The security expert Bruce Schneier, who wrote an article for MIT Technology Review naming botnets of things one of our 10 breakthrough technologies of 2017, said the trend will only continue to grow. “Botnets will get larger and more powerful simply because the number of vulnerable devices will go up by orders of magnitude over the next few years,” he explained. “Expect more attacks like the one against Dyn in the coming year.”

    The results could become much more severe as such attacks are leveled at more, and more important, centralized Web services. In theory, far larger networks and chunks of the Internet could be taken down. Importantly, the problem here is that a system could be compromised not by an organization’s failure to keep systems up to date, but by an onslaught generated from cheap and poorly secured connected devices in homes and businesses. And even security products designed to fend off DDoS attacks can’t always block the largest of them.

    Security experts have warned Congress that this is a very real problem, which is likely to be solved only via regulations on Internet of Things devices. The Trump administration has vowed to crack down on botnets, but its proffered solutions are at best a long shot. That means botnets remain a potent security threat that is incredibly difficult to defend against. And while ransomware may be making the headlines right now, it would pay to remember the bots are still out there.

    (Read more: The Register, Guardian, “The WannaCry Ransomware Attack Could’ve Been a Lot Worse,” “10 Breakthrough Technologies: Botnet of Things,” “Holding Data Hostage: The Perfect Internet Crime?”)
