What is a Botnet And Why is it Extremely Dangerous?

A botnet is one of those cybersecurity tech terms that may conjure up associations to something like a swath of flying androids in an interplanetary Star Wars battle scene. Unfortunately, a botnet is nowhere near as charming (or as fun) like this in real life. It is a very menacing scenario. This is because the concept of a botnet is tied to heavy cybercrime, and it has caused serious damage to the economy over the years. This is why it is important to look at what a botnet is and how you can protect yourself from botnets, as well as mention some real-world scenarios where the terrifying power of botnets is evident.

What is a Botnet?

The word itself is a compounded form of Bot and Net. It can also be perceived as Robot and Network -which would be a more technically accurate way of putting it. According to Vinny LaRiza, who is with global security specialist Cisco, a botnet is “a collection of compromised hosts (the ‘hosts’ being computers. a.k.a. YOUR computer), that is controlled by a single entity, usually through the use of a server known as a botnet controller.” So, to recap a botnet is x number of computers, or bots, that are interconnected and infected with malware (malicious software) by cybercriminals with the end goal being to launch attacks, scams, or simply leech onto the processing power of other computers. Simply put, an army of zombie-like devices is controlled by a single source. Botnets do not have to exclusively be computers, but can also be any device with an operating system, a connection to the internet, and a CPU e.g. a botnet can be a group of smartphones, laptops, desktop computers, or even mainframe computers (or a combination of these.) Once infected by malware by cybercriminals, these hijacked bots form an infected botnet, all controlled in unison by a ‘bot herder’ or ‘bot master’ via a server. A cybercriminal uses specialized bot programs (clients). Botnets are usually the initial, infiltration layer of a larger scheme that aims to distribute malware across networks, steal data or launch automated large-scale attacks. For cybercriminals (black hat hackers) a botnet is both more cost and time-efficient than other forms of attacks because leveraging several machines for a single purpose increases efficiency by a large margin. Not to mention, the ability to automate attacks is the laziest form of return on investment there is for hackers.

A default botnet setup process would look like this;

1.    Cybercriminals first exploit a vulnerability

2.    Devices are infected with malware that completely compromises the device

3.    Finally, cybercriminals mobilize their deeds via botnets over centralized client-server C&C (command and control) or P2P (Peer-to-Peer) channels

A centralized attack involves the bot controller handing over infected devices to a C&C server and sending them updates on what to do, while in a P2P attack zombie bots will automatically seek to infect others in the network. A botnet does not have to be constructed by an advanced cybercriminal, because they are available on the dark web for purchase, or rent by anyone. What’s worse, it is also difficult to reveal the botmaster or bot herder because there are so many devices involved in the attack.

Real-World Examples of Botnet Incidents

Botnets are most commonly seen in the following scenarios;

●     Phishing campaigns

●     Cryptojacking attacks

●     Cryptolocking

●     Keylogging

●     DDoS attacks

●     Snooping

●     Spamming

Botnets are a big piece of the pie when it comes to malware infection and distribution across the internet, which leads to everything from theft of data and credentials to website destruction and extortion. There have been several recorded examples of botnets over the years like; Rustock, Cutwail, Conficker, Mariposa, Gameover Zeus, and more. All of these botnet campaigns infected hundreds of thousands to dozens of millions of systems and have caused immeasurable financial damage. Some botnet attacks can go so far as to hoover up huge amounts of cryptocurrency, even take down entire governments. Botnets are usually taken offline by authorities once detected. Yet, some are still simply inactive but have the potential to reactivate. Some are still online to this day.

Can You Protect Yourself From Botnets?

Protection from botnets requires a different strategy for individuals and corporations. For organizations that hold a large amount of sensitive data, a multi-layered defense strategy including IDS or Intrusion Detection Systems as well as hardcore firewalls is key. Furthermore, controlling what employees click on in their inboxes is also key -which means that employee and end-user training is critical. As for the home user, taking care not to click on emails from unknown sources as well as using reputable anti-malware software is very important to avoid being caught in a botnet. Internet best practices help too; cycling passwords every so often, avoiding unsecured websites, avoiding public WiFi, and not downloading verified applications. Keeping all software updated to the latest releases is critical for good cybersecurity, as is reformatting your operating system from time to time to flush out any iota of potential malware. Finally, if you notice a slowdown on your device, or you notice the device is heating up for no reason, this could be an indication that you have been caught in a botnet -in which case you should contact the device manufacturer for support.

Disclaimer: No Asian Age journalist was involved in creating this content. The group also takes no responsibility for this content.