Bots Combine!: Behind the Modern Botnet, presented at BSides Amsterdam 2017

by Andrea Scarfo

Summary: Botnets are part of the dynamic infrastructure seen in modern large-scale cyber attacks, spy networks, spamming, and the distribution of malware. Over the years, botnets have gained a global reach and this has enabled cyber criminals to make millions from exploiting their many targets. These targets can be private companies, government agencies and banking institutions, to name a few. We’ve also seen botnets be used simply for destruction, in DDoS attacks. My research highlights how I, as a Security Analyst, see today’s botnets being used. Using the unique and massive view of DNS traffic that I have available to research, I’ll highlight how I analyze the infrastructure of the C2 domains that are being used to deliver malware and enlist systems into botnets. I’ll also analyze the tactics behind turning systems into bots and how we’ve seen these used in particular with delivering Hailstorm Spam. Additional listener takeaways: Why are botnets such a hard problem to solve? Why do botnets succeed? Why do we need to continue to research botnets?