ENISA Issues Suggestions to Deal with Botnet Threats
Recently, European Network and Information Security Agency (ENISA) released a report on detection, measurement, disinfection and defense from botnets.
Recently, European Network and Information Security Agency (ENISA) released a report on detection, measurement, disinfection and defense from botnets. The report focuses on detection and removal of botnets, prevention of new botnet infections and reducing the profitability arising from botnets and cybercrime. The agency emphasizes on incentivizing Internet Service Providers (ISPs) to encourage botnet detection, improving botnet identification measures and malware analysis and information sharing between stakeholders. The report stresses on removal of the entire botnet command and control infrastructure to minimize chances of attackers regaining control and developing deterrence against further botnet takedown efforts.
Cyber security awareness among people is crucial to improving online security practices. Efforts must be made to minimize the growth of malware by improving vulnerability management by developers of IT products and software. Improvement in anti-fraud mechanism and tougher punishment for cybercrime are crucial to reduce the profitability derived by offenders from botnet campaigns and other forms of cybercrime.
The agency suggests improvement in the legal framework and creation of a practical basis to deal with different forms of cybercrime such as establishment and operation of botnets, use of botnets for sending spam e-mails, launching DDoS attacks, stealing of user credentials. Lack of homogenous laws acts as a major deterrence in combating cybercrime. Harmony in cybercrime related laws in the European Union (EU) are crucial to wipe out the botnet infrastructure and enhancing international cooperation. The report emphasizes on creation of responsive network of stakeholders with clearly defined roles and responsibilities across the member states of the European Union (EU). IT professionals must keep themselves abreast of the latest security threats and preventive techniques through e-learning and online IT degree programs.
Internet users must install and regularly update security software to safeguard their computer systems from malware and other forms of threats. Other stakeholders must create Internet security awareness among the public and provide guidance on preventive, detection and mitigating measures through brochures, online IT courses and video tutorials. The agency recommends using ISPs as a medium to notify users on remotely identified infections. The report stresses on the need to integrate and support research institutions in combating botnet attacks. The institutions must aim at developing techniques suited for large-scale operational environments. They must study various botnet detection techniques and conduct malware analysis to devise new tools, which could facilitate quick reaction to complex malware threats. Students should be encouraged to take up IT degree programs to meet the growing requirements of information security professionals.
The agency recognizes the need for effective information sharing among different stakeholders such as counter crime agencies, ISPs and research institutions. Effective coordination and information sharing among these stakeholders could facilitate proper organization of the collected data and creation customized data exchange formats to facilitate investigations. Coordination between stakeholders could also help in creating balance between data protection and privacy laws, enhancing Internet security and ensuring stability of critical infrastructure facilities.
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.
Tag Words: botnet attack, botnet threats, spam campaigns, ddos, stakeholders, enisa, data privacy, data protection, botnet