All the latest UK technology news, reviews and analysis

Botnets infecting 18 systems per second, warns FBI

16 Jul 2014
The high infection rate of criminal botnets costs the US and global economies billions of dollars

Criminals are developing increasingly sophisticated attack strategies that let them infect as many as 18 systems per second with their botnet armies, according to the FBI.

FBI assistant director Joseph Demarest revealed the statistic while briefing a Senate sub-committee about the agency's current and future anti-cyber crime strategy on Tuesday. He said the news is troubling as the botnets' high infection rate costs the US and global economies billions of dollars.

"The use of botnets is on the rise. Industry experts estimate that botnet attacks have resulted in the overall loss of millions of dollars from financial institutions and other major US businesses," he said.

"The impact of this global cyber threat has been significant. Botnets have caused over $9bn in losses to US victims and over $110bn in losses globally. Approximately 500 million computers are infected globally each year, translating into 18 victims per second."

Demarest added this is doubly troubling as many of the botnets are currently rentable and could be used by a variety of criminals or terrorist organisations.

"As you well know, we face cyber threats from state-sponsored hackers, hackers for hire, organised cyber syndicates and terrorists. They seek our state secrets, our trade secrets, our technology and our ideas – things of incredible value to all of us," he said.

"They may seek to strike our critical infrastructure and our economy. The threat is so dire that cyber security has topped the Director of National Intelligence's list of global threats for the second consecutive year."

The FBI assistant director's claim follows the discovery of a new Energetic Bear hack campaign targeting critical infrastructure. The threat was so severe that at the start of July the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a warning urging firms involved in critical infrastructure to check their systems.

Demarest said the FBI is already developing new technologies and techniques to help mitigate the growing threat, but argued that increased collaboration between law enforcement agencies and the public and private sector is needed to deal with the problem.

"The FBI's overall goal is to remove, reduce, and prevent cyber crime by attacking the threat through the identification of the most significant cyber criminal actors. Our success can only be attained through co-ordination of our overall cyber criminal strategy amongst all FBI Cyber Division's existing and emerging entities," he said.

"The FBI cyber criminal strategy also includes working closely with our international partners to develop a holistic assessment of the threat posed by cyber criminals and organisations to partner countries.

"Through this collaborative process, the FBI hopes to launch aggressive and comprehensive mitigation strategies through joint investigations and operational partnerships with law enforcement partners, private industry, and academia."

Demarest highlighted the recent success of the recent international Gameover Zeus takedown as proof of his claim. "In June 2014, the FBI announced a multinational effort to disrupt the Gameover Zeus botnet, the most sophisticated botnet that the FBI and its allies had ever attempted to disrupt," he said.

"This effort to disrupt it involved impressive co-operation with the private sector and international law enforcement. The FBI is proud of these successes, but we recognise that we must constantly strive to be more efficient and effective. Just as our adversaries continue to evolve, so too must the FBI.

Experts within the security community have been less positive about the Gameover Zeus operation, though. Speaking to V3 after the takedown many warned the operation could spur the botnet's owners to develop more dangerous attack strategies.

The warnings proved right on 11 July when an evolved, more resilient version of the Gameover Zeus botnet was discovered.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Related jobs

Work location poll - office, remote or home?

Where do you spend most time working on your primary work device?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Beacon technology: what are the opportunities and how does the technology work?

This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

C# Developer, Mobile platforms, iOS, Android, Java home-working

Software Developer, cross mobile platforms, home-working...

IT Security Specialist / Practitioner

IT Security Specialist / Practitioner; London (SE1);...

BI Developer Legal Services SQL

BI Developer | £42,000 to £52,000 | London | Legal Services...

BI Manager eCommerce SQL

BI Manager| eCommerce | London | £50,000 to £70,000...
To send to more than one email address, simply separate each address with a comma.