Effects of botnets – a human-organisational approach
Journal Title: Security and Defence Quarterly - Year 2021, Vol 35, Issue 3
Abstract
Botnets, the remotely controlled networks of computers with malicious aims, have significantly affected the international order from Ukraine to the United States in recent years. Disruptive software, such as malware, ransomware, and disruptive services, provided by those botnets has many specific effects and properties. Therefore, it is paramount to improve the defences against them. To tackle botnets more or less successfully, one should analyse their code, communication, kill chain, and similar technical properties. However, according to the Business Model for Information Security, besides technological attributes, there is also a human and organisational aspect to their capabilities and behaviour. This paper aims to identify the aspects of different attacks and present an analysis framework to identify botnets’ technological and human attributes. After researching the literature and evaluating our previous findings in this research project, we formed a unified framework for the human-organisational classification of botnets. We tested the defined framework on five botnet attacks, presenting them as case studies. The chosen botnets were ElectrumDoSMiner, Emotet, Gamover Zeus, Mirai, and VPNFilter. The focus of the comparison was motivation, the applied business model, willingness to cooperate, capabilities, and the attack source. For defending entities, reaching the target state of defending capabilities is impossible with a one-time development due to cyberspace’s dynamic behaviour and botnets. Therefore, one has to develop cyberdefence and conduct threat intelligence on botnets using such methodology as that presented in this paper. This framework comprises people and technological attributes according to the BMIS model, providing the defender with a standard way of classification.
Authors and Affiliations
Zsolt Bederna, Tamás Szádeczky
Keywords
Related Articles
- EP ID EP705799
- DOI https://doi.org/10.35467/sdq/138588
- Views 88
- Downloads 0
Improved detection of chemical threats by sensor data fusion
This paper presents some aspects of sensor data fusion that were derived from the EU-SENSE project of the European Commission (Horizon 2020, Grant Agreement No 787031). The aim of EU-SENSE was to develop a novel network...
The development of sanitary aviation in pre-war Poland – historical aspects
This article looks at some historical aspects of sanitary aviation in Poland in the context of global aviation and its influence on the development of Polish aviation. The research was limited to the period from the rise...
Trojan spoofing: A threat to critical infrastructure
This article explores the phenomenon of location spoofing—where the spoofer is able to “teleport” systems in and out of defined locations, either for the purpose of infiltration into no-go zones or for the “teleportation...
The performance of the Portuguese Armed Forces and the relevance of military capabilities in 21st century: The different perspectives of citizens and militaries
A high performance level in a public organisation is fundamental. The Portuguese Armed Forces can influence the environment, both external and internal, and should therefore have a high performance level and adequate dev...
Thoughts on the evolution of national security in cyberspace
Nowadays, the vast majority of the threats to our security come from cyberspace, resulting in a significant transformation of national security systems. Behind these changes, we can find some organisational and capabilit...