Abstract

Botnets, the remotely controlled networks of computers with malicious aims, have significantly affected the international order from Ukraine to the United States in recent years. Disruptive software, such as malware, ransomware, and disruptive services, provided by those botnets has many specific effects and properties. Therefore, it is paramount to improve the defences against them. To tackle botnets more or less successfully, one should analyse their code, communication, kill chain, and similar technical properties. However, according to the Business Model for Information Security (BMIS), besides technological attributes, there is also a human and organisational aspect to their capabilities and behaviour. This paper aims to identify the aspects of different attacks and present an analysis framework to identify botnets’ technological and human attributes. After researching the literature and evaluating our previous findings in this research project, we formed a unified framework for the human-organisational classification of botnets. We tested the defined framework on five botnet attacks, presenting them as case studies. The chosen botnets were ElectrumDoSMiner, Emotet, Gameover Zeus, Mirai, and VPNFilter. The focus of the comparison was motivation, the applied business model, willingness to cooperate, capabilities, and the attack source. For defending entities, reaching the target state of defending capabilities is impossible with a one-time development due to cyberspace’s dynamic behaviour and botnets. Therefore, one has to develop cyberdefence and conduct threat intelligence on botnets using a methodology such as the one presented in this paper. This framework comprises people and technological attributes according to the BMIS model, providing the defender with a standard way of classification.

Highlights

  • In cybersecurity, several actors operate with their own objectives, preferences, tools, and tactics

  • Because “many areas of cybersecurity are interconnected with national security” (Dobák, 2021), the essential services defined in the NIS Directive (European Union, 2016; Directive (EU) 2016/1148 of the European Parliament and of the Council, 2016) are frequently the targets of botnet attacks

  • Achieving the target state of defending capabilities is impossible with a one-time development due to cyberspace’s dynamic behaviour and botnets

Summary

Introduction

Several actors operate with their own objectives, preferences, tools, and tactics. Attackers and defenders apply one or even several tools to carry out their activities, and botnets are among the attackers' most preferred tools. Because “many areas of cybersecurity are interconnected with national security” (Dobák, 2021), the essential services defined in the NIS Directive (European Union, 2016; Directive (EU) 2016/1148 of the European Parliament and of the Council, 2016) are frequently the targets of botnet attacks. Previous research (Bederna, Rajnai and Szadeczky, 2021) showed that criminals often use botnets against such services. Criminals targeted the health, transport, and financial and banking sectors with ransomware attacks that halted operations for hours or even days.
