Botnet report: size isn't everything
The European Network and Information Security Agency (ENISA) has released a report on the methods for detecting, measuring and fighting botnets. Entitled "Botnets: Measurement, Detection, Disinfection and Defence" , the report describes various methods in the individual disciplines; among its findings is that the size of a botnet isn't a measure of the threat it represents.
Individual risks need to be evaluated for different groups of stakeholders, for instance in terms of a botnet's damage potential for an individual group, said the report. The detection of botnets is generally said to be difficult because, as an example, bots behind a gateway in a corporate network may only appear as a single IP address.
In its report, ENISA also makes recommendations on what needs to change on an organisational and policy level, beyond the mostly already solved technical issues, in order to enhance the capabilities for combating botnets. For example, ENISA said that ISPs should be given financial incentives for supporting their customers in the fight against malware. Another recommendation is to tackle the value-creation schemes of botnet operators to minimise the profitability of their botnets.
The successful mitigation of botnets is also reportedly hindered by unclear or inconsistent legislation across Europe. For instance, there is apparently no unified ruling on whether an IP address is to be treated as personal data. The exchange of information among EU member states should also be improved, said the report.
- Cloud guidelines for public bodies, a report on a recent ENISA report from The H.