Microsoft takes the fight against botnets to the Cloud!
Malicious software is a grave risk to computer users, businesses and Internet users in general. These risks can take the form of bank fraud, denial-of-service attacks, identity and intellectual property theft, and many more. Computer users who haven’t updated their software, who are not using legitimate software, or who lack anti-malware protection are often the victims of cybercriminals. Using malicious software, these cybercriminals secretly enlist such computers into an army of infected computers known as a botnet, which they then use for a wide variety of attacks online. Cybercrime has become a global phenomenon.
Cleaning the malware-infected computers of people around the world is just as important as disrupting the threats. We saw earlier that Microsoft established MARS (Microsoft Active Response for Security) a few years back to proactively combat botnets. Microsoft has been actively sharing information with Internet Service Providers (ISPs) and Computer Emergency Response Teams (CERTs) worldwide.
But now, by utilizing its vast cloud resources, Microsoft is able to share that information on known botnet malware infections with ISPs and CERTs in near real-time.
The new Windows Azure-based Cyber Threat Intelligence Program (C-TIP) will allow these organizations to have better situational awareness of cyber threats, and more quickly and efficiently notify people of potential security issues with their computers.
This new cloud-based capability for C-TIP takes the fight against botnets to a new level.
Microsoft’s Orlando Ayala joined with the Secretary of State of Telecommunications and Information Society of Spain, Víctor Calvo-Sotelo, to announce an agreement for the Spanish CERT, INTECO, to become one of the first organizations to receive data from the C-TIP cloud service. The Spanish CERT joins the Luxembourg CERTs, CIRCL and govCERT, as an early adopter of this program, which allows ISPs and CERTs to receive updated threat data related to infected computers in their specific country or network approximately every 30 seconds. All the information is uploaded directly to each organization’s private cloud through Windows Azure.
This is an evolution of the original Cyber Threat Intelligence Program that Microsoft developed 3 years ago. Currently, 44 organizations in 38 countries receive these threat intelligence emails. Apart from the Spanish and Luxembourg CERTs, momentum is building for the newer, more advanced cloud-based program, as a number of others have also either signed up for the new cloud service or begun the process of signing up. This expedited form of information sharing should dramatically increase the ability to clean computers and keep up with the fast-paced, ever-changing cybercrime landscape. And because these criminals rely on infected computers, taking those infected resources away from them forces them to spend time and money finding new victims, making cybercrime less lucrative. So this can be another big advantage.