What’s the reason for this sudden rise in botnet blocks? Data from CIRA Canadian Shield reveals that the five-day spike was the result of a pseudo-random subdomain (PRSD) attack, which in this case used the hostname “webserve systems” as its call-home. This type of attack, as its name suggests, uses pseudo-random algorithms to launch botnet attacks on authoritative name servers (e.g. google.com) by sending a large number of DNS queries for non-existent subdomains of the target domain (e.g. abcdefg.google.com). Eventually, these illegitimate queries result in a denial of service for legitimate queries sent by real users.
DNS-layer security is a critical insurance policy against botnet attacks
While these and other types of botnets tend to fly under the radar, and may not pose a threat every day, when activated, they can have devastating consequences. For individuals, having a device infected with a botnet means they’re liable for any attacks that are launched from that device, even if they’re unaware that it’s infected. For businesses and other organizations, successful botnet attacks can lead to substantial reputational and financial losses. Botnets can also be a huge problem for internet service providers (ISPs), since the illegitimate traffic they generate steals bandwidth from legitimate traffic. This slows down internet performance as a whole for ISP customers and creates additional operating costs. That means that, even if you aren’t personally impacted by botnets, you still pay the price through slower performance and a higher monthly bill.
That’s why protecting against botnets is crucial. No single cybersecurity solution is completely effective in combatting cyber threats, but a DNS layer of security is a good place to start. CIRA’s offering for households, CIRA Canadian Shield, is a free-to-use service that protects your privacy and helps combat cyber threats that target the DNS layer. Even with other cybersecurity protections in place, Shield acts as an added layer that will help to keep your devices and networks secure. A protected DNS service combats botnets by preventing them from accessing the internet and launching attacks. For organizations of all types, DNS-layer security acts as an insurance policy against botnets; while they might not be a problem right now, that can change quickly, and that’s why having the right protection in place is crucial when it’s needed most.
At work, organizations can add a DNS layer of security through services like CIRA DNS Firewall. It runs on the same technology as Canadian Shield but enhances administrator control through custom security policies. By ensuring important organizations like hospitals, universities and municipalities can continue to function in the face of cyber attacks such as botnets, CIRA DNS Firewall plays a key role in CIRA’s mission of building an internet that everyone in Canada can trust.
The CRTC recently recommended that Canada take a consistent approach to botnet blocking. CIRA strongly supports this approach and views it as essential for blocking botnets and protecting Canadian internet users, organizations, and the country’s internet infrastructure.
Read more about how CIRA Canadian Shield can provide protection from botnets and many other types of malware online.
If you’re looking for enterprise-level protected DNS resolution and filtering, check out CIRA DNS Firewall.