The Need for Anti-Bot
There are two emerging trends in today's threat landscape:
- A profit-driven cybercrime industry that uses different tools to meet its goals. This industry includes cyber-criminals, malware operators, tool providers, coders, and affiliate programs. Their "products" can be easily ordered online from numerous sites (for example, do-it-yourself malware kits, spam sending, data theft, and denial of service attacks) and organizations are finding it difficult to fight off these attacks.
- Ideological and state driven attacks that target people or organizations to promote a political cause or carry out a cyber-warfare campaign.
Both of these trends are driven by bot attacks.
A bot is malicious software that can invade your computer. There are many infection methods. These include opening attachments that exploit a vulnerability and accessing a web site that results in a malicious download.
When a bot infects a computer, it:
- Takes control over the computer and neutralizes its Anti-Virus defenses. Bots are difficult to detect since they hide within your computer and change the way they appear to Anti-Virus software.
- Connects to a Command and Control (C&C) center for instructions from cyber criminals. The cyber criminals, or bot herders, can remotely control it and instruct it to execute illegal activities without your knowledge. These activities include:
- Data theft (personal, financial, intellectual property, organizational)
- Sending SPAM
- Attacking resources (Denial of Service Attacks)
- Bandwidth consumption that affects productivity
In many cases, a single bot can create multiple threats. Bots are often used as tools in attacks known as Advanced Persistent Threats (APTs) where cyber criminals pinpoint individuals or organizations for attack. A botnet is a collection of compromised computers.
The Check Point Endpoint Anti-Bot component detects and prevents these bot threats.