Input from over 100 businesses, governmental agencies and thought leaders who have been working to help detect, prevent, remediate and recover from the threats of botnets and cybercrime has resulted in a comprehensive white paper outlining best practices for end-user botnet notification. Published this month by the Online Trust Alliance (OTA), a member-based non-profit representing businesses and organizations from across the global Internet ecosystem, the paper can be downloaded from https://otalliance.org/botnets.html
The working group behind the paper believes providing users notices with the tools and educational resources to help remediate and recover from bots is a shared responsibility and critical to the vitality of the internet.
“Collectively the working group recognizes the importance of preserving online trust and the integrity of the Internet,” says Craig Spiezle, executive director and President of the Online Trust Alliance. We can no longer afford to work in a silo to fight the growing sophistication of the cybercriminal.”
Through information sharing among the working group members, participants recognized the importance of moving from sectorial efforts, to a wider holistic view of consumer protection. Concurrently, it was agreed the burden of fighting botnets should not rest solely on any single stakeholder. The industry has the responsibility of employing best practices, while users share a responsibility to keep their devices patched and to exercise safe computing practices.
This paper represents a significant effort from a broad group of participants including the AV community, security industry, OS vendors, social networks and others working to help stem the tide of botnets. It builds on the efforts of other initiatives including the joint ISAC Botnet Mitigation Process Working Group, and the Federal Communications Commission’s Communications Security, Reliability and Interoperability Council (FCC CSRIC) Anti-botnet Code of Conduct for ISPs.
In addition, OTA has published several recommendations that will help to curb the spread and damages from botnets. These include email authentication to aid in the detection of bot-laden email; application auto-updating to reduce device vulnerabilities; server security to reduce website exposure to security and privacy threats; and best practices to help secure the advertising and interactive marketing supply chains from malvertising.