How can organisations investing in Blockchain solutions prepare their security team for the impact of the technology?
By Doros Hadjizenonos, Regional Sales Director (Southern Africa) at security specialist Fortinet
As organisations like the FBI and Interpol work harder to track and arrest cyberattackers, criminals are being forced to look for new ways to avoid detection, attribution, and capture.
Bitcoin showed that parties who do not trust each other can transact without an intermediary, with each participant identified only by a pseudonymous address rather than a real identity. That pseudonymity, combined with a public ledger that anyone can read and write to, makes Blockchain a desirable candidate for an anonymous C2 channel. Until recently, however, this was just a theory. Now security researcher Omer Zohar has demonstrated a takedown-resistant command-and-control infrastructure for botnets built on top of the Ethereum network.
The biggest challenge of any botnet is maintaining communication with its controller. C2 communications are the weakest link in any botnet environment, exposing a bot herder to detection and takedown. An interesting development, therefore, is the integration of several elements into a single solution:
- Using automation to build swarms
- Leveraging swarm intelligence for resource utilisation
- Using Blockchain as a secure last point of contact with an autonomous swarm, replacing more vulnerable C2 mechanisms such as Fast Flux networks (rapidly rotating a domain's DNS records across many compromised hosts to hide the real C2 or malware delivery servers) or P2P communications
While most people only consider Blockchain in terms of digital currencies, the same properties serve other functions. Commands posted to the chain are signed with the operator's key, so an implant detects any modification and a man-in-the-middle can neither alter nor forge them; transaction nonces stop a captured transaction from being replayed. The ledger itself is public, however, so the commands are readable by anyone who follows the chain, and confidentiality depends on the operator encrypting the payload before posting it. Availability is high because the implant never has to locate a C2 server at all: it reads the latest commands from any public Ethereum node.
It is also highly scalable: it can serve any number of implants under any transaction load, limited only by the cost and throughput of the underlying chain (on a public chain every command costs the operator gas). Because commands are authenticated and only implants holding the right key material can take part, an outsider cannot inject commands or set up a honeypot that lures bots to a researcher-controlled endpoint. Anonymity is the most critical property: the operator is known only by addresses and funded wallets, which hinders law enforcement from gathering information on network operators and represents a dangerous new challenge. And because there is no central server or domain to seize and no name-resolution path to hijack, an adversary cannot take over or sinkhole the network, which makes it takedown resistant. One caveat for defenders follows from the same design: the ledger is public, so the command transactions, the address they target and the pattern of implants polling public nodes are just as visible to the security team as to the operator.
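The following Python program is an added example, not code from the original article or from the research it describes. It simulates the channel discussed above on a toy in-memory ledger: the operator posts encrypted and authenticated commands to a contract address, the implant polls the ledger instead of contacting any server, and the checks that reject a replayed transaction, a tampered payload and a command forged by a third party posting to the same address are shown explicitly. A defender reading the same ledger sees the transactions but not the plaintext. The ledger, the addresses, the command strings and the pre-shared key are all constructed for the example; a real design would use an asymmetric signature so that implants hold only a verification key (the symmetric HMAC here is a simplification).

```python
import hashlib
import hmac
from dataclasses import dataclass

C2_ADDR = "0xc2contract"   # hypothetical contract address the implants watch
OPERATOR = "0xoperator"    # hypothetical operator wallet
TAG_LEN = 32


@dataclass
class Tx:
    """One ledger transaction: sender, target address, nonce and raw data."""
    sender: str
    to: str
    nonce: int
    data: bytes


class Ledger:
    """Toy append-only public ledger standing in for the real chain."""
    def __init__(self):
        self.txs = []

    def post(self, tx):
        self.txs.append(tx)

    def txs_to(self, addr):
        return [t for t in self.txs if t.to == addr]


def keystream(key, nonce, n):
    """Counter-mode keystream from SHA-256 (toy cipher, not for production)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def seal(key, nonce, cmd):
    """Encrypt-then-MAC a command; the nonce is bound into the tag to stop replay."""
    pt = cmd.encode()
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    return ct + tag


def open_sealed(key, nonce, blob):
    """Verify the tag, then decrypt. Returns None on any integrity failure."""
    if len(blob) < TAG_LEN:
        return None
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))).decode()


class Implant:
    """Bot that reads commands from the ledger; it never connects to a C2 server."""
    def __init__(self, key, ledger):
        self.key, self.ledger = key, ledger
        self.cursor = 0          # how many C2 transactions have been processed
        self.last_nonce = -1     # highest accepted nonce, for replay rejection
        self.executed, self.rejected = [], []

    def poll(self):
        pending = self.ledger.txs_to(C2_ADDR)
        for tx in pending[self.cursor:]:
            if tx.nonce <= self.last_nonce:
                self.rejected.append((tx.nonce, "replay"))
                continue
            cmd = open_sealed(self.key, tx.nonce, tx.data)
            if cmd is None:
                self.rejected.append((tx.nonce, "bad tag"))   # tampered or forged
                continue
            self.last_nonce = tx.nonce
            self.executed.append(cmd)
        self.cursor = len(pending)
        return list(self.executed)


def defender_view(ledger):
    """What a security team sees by reading the same public ledger."""
    txs = ledger.txs_to(C2_ADDR)
    return {
        "tx_count": len(txs),
        "senders": sorted({t.sender for t in txs}),
        "plaintext_visible": any(b"collect" in t.data or b"sleep" in t.data for t in txs),
    }


def run_scenario():
    key = bytes(range(32))            # constructed pre-shared key
    ledger = Ledger()
    implant = Implant(key, ledger)
    # Operator issues two genuine commands.
    ledger.post(Tx(OPERATOR, C2_ADDR, 0, seal(key, 0, "collect:hostinfo")))
    ledger.post(Tx(OPERATOR, C2_ADDR, 1, seal(key, 1, "sleep:3600")))
    implant.poll()
    # A researcher replays tx 0 verbatim, re-posts tx 1 with one byte flipped,
    # and posts a command sealed with a key of their own (honeypot attempt).
    old = ledger.txs[0]
    ledger.post(Tx("0xresearcher", C2_ADDR, old.nonce, old.data))
    tampered = bytearray(ledger.txs[1].data)
    tampered[0] ^= 0x01
    ledger.post(Tx("0xresearcher", C2_ADDR, 2, bytes(tampered)))
    ledger.post(Tx("0xresearcher", C2_ADDR, 3, seal(b"wrong" * 6 + b"kk", 3, "selfdestruct")))
    implant.poll()
    return implant.executed, implant.rejected, defender_view(ledger)


if __name__ == "__main__":
    print(run_scenario())
```

The two genuine commands are executed; the replay is stopped by the nonce check before the tag is even examined, and both the tampered and the forged transactions fail authentication. The defender's view shows the point made above about visibility: five transactions to the contract address and both sending wallets are in plain sight, while the command text is not.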