Sadly, it is not only possible but quite likely.
Despite the best efforts of IT departments, hosts and networks can and often do become infected with botnet malware via a wide range of vectors, ranging from watering-hole attacks and drive-by downloads to worm-like network propagation, removable media, trojan horses and even social engineering.
Because they rely on known signatures and/or the specific network addresses of prior suspected victims (both of which have to be known a priori), personal firewalls and antivirus have proven of limited use against these threats.
Once infected, compromised devices, called 'bots', can be controlled remotely in coordinated campaigns used to carry out sophisticated and crippling cyber attacks.
How would you know if your network has been infected?
Detecting botnets is not easy and most organizations today only find out about their compromise once their own network blocks become blacklisted by upstream providers.
Some organizations offer intelligence feeds that provide daily lists of known command and control (C&C) servers that can be used to identify infections in their networks. When integrated into proactive Security Operations and CERT/CSIRT processes, these feeds can aid in identifying active infections, thereby reducing an organization's exposure to known cyber risk.
The problem with the cyber-intel-only approach
Cost considerations aside, cyber intelligence feeds are only available a posteriori, meaning that cyber intel researchers have had to come across the specific malware variant before. In addition, attackers frequently change approaches in order to avoid detection. This includes frequently migrating to new, previously unknown C&C locations, rendering the feeds immediately obsolete, as well as changing modes of operation, as demonstrated by the new breed of bots that communicate via P2P protocols.
While it is possible to mitigate risk in this fashion, properly managing the risk posed by these evolving threats requires organizations to invest in behavioral analytics approaches, which have been proven to aid in the detection of new and evolving threats.
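The feed lookup described above, side by side with one simple behavioral check, as an added Python example that is not from the original post or from Cienaga's product: the feed, internal hosts and flow records are constructed sample data, and the beaconing heuristic (near-constant intervals between connections to one destination) is assumed here as one illustrative behavioral indicator.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed daily C&C feed, as an intel provider might publish it.
CNC_FEED = {"203.0.113.10", "198.51.100.77"}

# Constructed outbound flow log: (epoch seconds, internal host, destination IP).
FLOWS = [
    (1000, "10.0.0.5", "203.0.113.10"),  # listed in the feed
    (1000, "10.0.0.9", "192.0.2.200"),   # not in the feed, contacted every 300 s
    (1300, "10.0.0.9", "192.0.2.200"),
    (1600, "10.0.0.9", "192.0.2.200"),
    (1900, "10.0.0.9", "192.0.2.200"),
    (2200, "10.0.0.9", "192.0.2.200"),
    (1010, "10.0.0.9", "192.0.2.50"),    # ordinary browsing, irregular gaps
    (1015, "10.0.0.9", "192.0.2.50"),
    (1900, "10.0.0.9", "192.0.2.50"),
    (2100, "10.0.0.9", "192.0.2.50"),
    (2110, "10.0.0.9", "192.0.2.50"),
]

def feed_matches(flows, feed):
    """(host, destination) pairs where the destination is on the intel feed."""
    return sorted({(src, dst) for _, src, dst in flows if dst in feed})

def beacon_candidates(flows, min_events=5, max_jitter=0.1):
    """(host, destination) pairs contacted at nearly constant intervals.

    Needs no feed lookup: the coefficient of variation of the gaps between
    connections is compared with max_jitter, so a C&C server the feed has
    not caught up with yet can still surface.
    """
    times = defaultdict(list)
    for ts, src, dst in flows:
        times[(src, dst)].append(ts)
    found = []
    for pair, ts in times.items():
        if len(ts) < min_events:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            found.append(pair)
    return sorted(found)

if __name__ == "__main__":
    print("feed hits:", feed_matches(FLOWS, CNC_FEED))  # the known C&C only
    print("beaconing:", beacon_candidates(FLOWS))        # adds 192.0.2.200
```

The feed catches only the destination it already lists; the interval check flags the host talking to 192.0.2.200 on a fixed schedule while leaving the irregular browsing traffic alone.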
About Cienaga Systems
Cienaga Systems' DejaVu is the easiest way for organizations to deploy world-class security monitoring or enhance existing cyber threat management capabilities.
Through DejaVu, leading organizations efficiently and cost-effectively monitor thousands of endpoints in realtime for early warning signs of compromise, reducing cyber risk and enhancing compliance with legal and regulatory requirements, as well as industry best practices.
Visit www.cienagasystems.net to learn more.
Through the use of Genetically Engineered Cyber Security, Cienaga Systems technologies offer organizations the easiest way to monitor their networks and reduce cyber risk while increasing PCI, HIPAA and regulatory compliance.