EU Agency Report Targets Botnets

Cyber security agency ENISA has made recommendations on tackling criminal networks

The European Union (EU) cyber security agency has published a new report on “Botnets: Measurement, Detection, Disinfection and Defence”.

The European Network and Information Security Agency (ENISA) report examines the threat posed by ‘botnets’: networks of ordinary computers that have been infected with malware and are controlled by cybercriminals.

Comprehensive threat analysis

It has been compiled from ENISA’s consultations with experts from all sides of the fight against botnets, ranging from law enforcement and Computer Emergency Response Teams (CERTs) to security researchers, internet service providers (ISPs) and anti-virus vendors.

The report addresses how to assess the threat posed by botnets to different stakeholders. It also surveys and analyses methods for measuring botnet size, which it describes as “commonly lacking accuracy” and only one factor in assessing their threat.

The report’s main findings have been distilled into a Q&A-style document, covering 10 Tough Questions about botnets.

It also includes a set of 25 different types of countermeasures for monitoring, detecting and defending against botnets from all angles. Divided into three main areas, they cover neutralising existing botnets, preventing new infections and minimising the profitability of cybercrime using botnets.

The report’s recommendations cover legal, policy and technical aspects of the fight against botnets and give targeted recommendations for different groups.

Greater cooperation needed

It also emphasises the need for close international cooperation between governments, security research and legislative institutions. “The standardisation of processes for information exchange plays an important role,” states the report.

“This includes reports about incidents, identified threats, and evidence against criminal individuals, ideally leading to their arrest, as well as mechanisms for maintaining the confidentiality of shared information and establishing the trustworthiness of its source.”

Professor Udo Helmbrecht, ENISA executive director, also commented: “Global cooperation is indispensable for successful defence against botnets.”

But Amichai Shulman, chief information officer of security vendor Imperva, pointed out that the report does not raise the fact that botnets have become a business problem. “Businesses should start coping with the fact that they might be dealing with infected customers,” he said.

Another ENISA report focusing on legal issues in the fight against botnets will be published in the second quarter of this year.