Recently it was reported: Nearly 9,000 malware-laden servers, compromised websites found in Singapore-based Interpol operation. In response, Sándor Bálint, Security Lead for Applied Data Science at Balabit, said: "When most people think of the fight against malware, the first thing that comes to mind is installing anti-malware software on end-user computers. However, as this story points out, it is just as important to protect publicly available servers so they cannot be easily turned into command-and-control (C2) servers by cyber criminals, and used in subsequent attacks on other victims.
"Before this thought is quickly dismissed with the thought "Why should I care, I don't operate any server," it's worth remembering that countless people run a server without knowing it. Just think of smart devices, home automation, remote control apps, the much-hyped Internet of Things - many connected devices offer various services through the network (thus acting as servers). When connected, such services are often accessible from anywhere on the Internet... sometimes, such a server is even carried in a pocket.
"By offering services to the public, one is implicitly running the risk that others might use those services in unintended ways - including turning them into C2 servers. Whether or not this is going to happen depends on a number of factors: how securely the server component was programmed, whether the service uses any authentication, if there are known problems in the network protocols used, whether adequately strong passwords are being used, if the service is running 24/7 or only for short periods of time - and oftentimes, sheer luck factors in. And if unintended usage does happen, it could be a targeted attack against the server and its data, or the server can be used as a jump host to target others and to help cover the tracks of the criminal exploiting it - sometimes over an extended period of time.
"As a result, it is now easier to become an unwitting accomplice in cybercrime than ever before.
"Running a publicly accessible server is a responsibility. While it's not always possible to prevent any and all abuse, decreasing the attack surface (e.g. by turning off unneeded services) is essential, as is taking steps to detect and stop attacks, such as using monitoring solutions. Many services are able to generate usage logs, and this information can (and should) be collected and regularly reviewed. If possible, such data should be analyzed looking for signs of unusual patterns and changes in trends - preferably, the analysis should be automated.
"In some cases, the most malware defense is simply turning off unnecessary services - such as switching off your smart TV when you are not using it."
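As an added example (not part of the article or of Balabit's work), a small Python routine of the kind the quote recommends for automated log review: it baselines a service's hourly request volume from access-log lines and flags an hour whose volume breaks the trend or whose busiest client was never seen before. The simplified log format, addresses and timestamps are constructed for the example.

```python
from collections import Counter
import statistics

# Constructed sample lines in a simplified access-log format:
# "<client_ip> <YYYY-MM-DDTHH> <path>". Hours 10-12 are the quiet baseline;
# at hour 13 a client never seen before floods the service, the kind of
# change in trend the text says log review should catch.
SAMPLE_LOG = """\
203.0.113.5 2017-04-24T10 /index.html
203.0.113.9 2017-04-24T10 /status
203.0.113.5 2017-04-24T11 /index.html
203.0.113.9 2017-04-24T11 /status
203.0.113.12 2017-04-24T11 /index.html
203.0.113.5 2017-04-24T12 /index.html
203.0.113.9 2017-04-24T12 /status
""" + "198.51.100.7 2017-04-24T13 /upload\n" * 9

def parse_log(text):
    """Return (hour, client_ip, path) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            ip, hour, path = parts
            records.append((hour, ip, path))
    return records

def find_anomalies(records, factor=3.0, min_baseline=2):
    """Walk the hours in order. Flag an hour whose request count exceeds
    `factor` x the median of all earlier hours (after `min_baseline` hours),
    and an hour whose busiest client is new and sends over half the requests."""
    per_hour = {}
    for hour, ip, _path in records:
        per_hour.setdefault(hour, Counter())[ip] += 1
    seen_ips, history, findings = set(), [], []
    for hour in sorted(per_hour):
        clients = per_hour[hour]
        total = sum(clients.values())
        top_ip, top_n = clients.most_common(1)[0]
        if len(history) >= min_baseline:
            baseline = statistics.median(history)
            if total > factor * baseline:
                findings.append((hour, f"volume {total} vs baseline {baseline:g}"))
        if history and top_ip not in seen_ips and top_n > total / 2:
            findings.append((hour, f"new client {top_ip} dominates ({top_n}/{total})"))
        history.append(total)   # this hour becomes part of the baseline
        seen_ips.update(clients)
    return findings
```

Running `find_anomalies(parse_log(SAMPLE_LOG))` reports hour 13 twice (volume jump and a new dominant client) and nothing for the baseline hours; in practice the same logic would run on a schedule over the collected logs rather than on an inline sample.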