Building Trust 7 December 2012

Combatting Botnets Through User Notification Across the Ecosystem

Botnets represent a complex problem impacting users, businesses and governments worldwide. Their impact ranges from mere annoyance to significant productivity losses. They are responsible for the distribution of billions of unwanted emails daily, spreading malware and spyware that compromise personal information and the security of critical infrastructures that support our modern world.

Responding to the threats that botnets present requires a renewed commitment to multistakeholder efforts, through collaboration and data sharing. No single organization can possibly take on this challenge alone. Thus, an ecosystem-wide approach to fighting botnets and malware yields significant benefits. An Antivirus Vendor (ASV) can detect many threats, but only on the systems running their software. An Internet Service Provider (ISP) can detect threats on a network, but that detection is only as good as the ISP’s threat intelligence and monitoring capabilities. A social networking site can detect malware by looking at user behavior, but only malware that targets its own site. A bank can detect fraudulent transactions from zero-day malware that no one else has seen, but only if the malware targets the bank’s organization. By using complementary detection and notification techniques and by sharing data, the ecosystem can address problems more quickly and limit damage to the extent possible.

When combined, these tactics create an integrated model, the OTA Botnet Multi-Stakeholder Ecosystem, including a shared responsibility involving both the public and private sectors. The five primary elements include:

  • Prevention – Proactive activities which can reduce the vulnerability of a user’s device
  • Detection – Efforts aimed at identifying threats on a device or network
  • Notification – Steps to inform a user or responsible entity of the issue
  • Remediation – Actions to remove malicious software from a compromised device(s)
  • Recovery – Actions to resolve impact to a user’s identity from theft, account takeover, credit card fraud and related damages resulting from a botnet.

To develop the OTA Botnet Multi-Stakeholder Ecosystem, OTA solicited input from over 100 companies and organizations. Together we investigated collaborative initiatives and opportunities to address the challenges botnets present to the ecosystem. The results of this outreach (through survey and facilitated telephone interviews) led to an OTA-sponsored, full-day workshop in October 2012, focusing on End-User Notification best practices. These combined efforts and learnings are represented in the paper.
