• Stefan Frei



Cyber criminals effectively exploit the opportunities provided by the rise of the Internet and have, in just a few years, successfully stolen hundreds of millions of dollars from banks across the globe. The capability of cyber criminals to centrally control millions of compromised victims in botnets allows them to adapt quickly and launch new and targeted campaigns effectively. As prevention is limited, organizations are faced with the dilemma that they have to do business with a considerable share of infected clients, which calls for new approaches to combat these threats.

CSIS operates a vast network of sensors to track botnet activity and cyber crime operations, and the data shows that emerging countries like Turkey are especially at risk. For example Turkey had 37 times more infections of the Sality botnet than Germany in 2014/Q1. Viable threat intelligence on cyber crime operations is key to identify infected machines in an organization, prevent the exfiltration of data, and to support multi-national efforts to disrupt botnets.

This paper explains how cyber criminals operate botnets and compromise victims at large scale, and informs organizations how to best utilize cyber threat intelligence to protect their business and deal with infected customers. In todays threat environment, security is as much about prevention as it is about being prepared.