Opinion: Meeting the new challenges of EnemyBot head-on

Maher Jadallah, Senior Director Middle East & North Africa at Tenable

Botnets first gained widespread notoriety in the early 2000s and continue to be a common and disruptive source of trouble around the globe. Since the start of the COVID-19 pandemic, cybercriminals have stepped up their attacks against individuals and institutions alike, spurred on by increasing digitalisation, according to the Global Cybersecurity Outlook 2022 published by the World Economic Forum [1].

Proof of this unfortunate trend reared its head in May this year, when research by AT&T Alien Labs™ found that EnemyBot operators were exploiting recently identified vulnerabilities across content management system servers, Android and other IoT devices [2]. What this means in plain English is that the gap between a vulnerability being discovered and it being exploited is shrinking.

EnemyBot was first discovered in March 2022 and is actually an amalgam of code taken from other disruptive botnets, including Mirai, Qbot and Zbot. Some experts describe it as an updated version of Gafgyt_tor, as it leverages a number of botnet functions sourced from the Gafgyt codebase. What makes EnemyBot a bigger concern is that its code can be easily found online, which makes it a do-it-yourself botnet for nefarious individuals to bend to their needs.

Trouble Compounded

In today’s digital world, securing devices and networks has become challenging for several reasons. Coming back to EnemyBot, threat actors are actively developing this botnet, meaning the criticality of a vulnerability can change from one moment to the next.

Since this botnet is modified regularly to take advantage of new vulnerabilities, it is difficult to protect against. Each time threat actors hear of a vulnerability and realise they stand to benefit from exploiting it, it’s a given that they will rapidly tweak the botnet to achieve their goals. In some cases, vulnerabilities don’t even have CVE numbers by the time they are exploited by EnemyBot or similar botnets.

Another unfortunate issue complicating the security landscape is that it is now easier to launch a cyberattack today than in years gone by. The result of this is…