What is a botnet?

"Botnet" is a term that sounds straight out of a science fiction movie, but fanciful as it sounds, botnets are a very real cybersecurity threat. A botnet, in simple terms, is a network of infected computers controlled by a hacker without the owners' knowledge. These networks can include thousands or even millions of malware-infected devices.

Here is what you need to know about botnets and the steps that you need to take to keep your computer free from botnet malware.


How does a botnet work?

An effective metaphor for thinking of botnets is that of a zombie army. Anyone who has watched zombie movies knows that a single zombie is usually not a major threat – trouble arises when they are in numbers.

Hackers use malware to infect internet-connected devices and bring them under their control. The hacker then enlists these compromised devices into a vast army, or 'botnet,' ready to act on the hacker's command. Every newly infected device adds another zombie to the militia.

The real danger of botnets lies in strength of numbers. A botnet is not limited to a single device, home, or business. It can span cities, countries, and even continents, and contain thousands, hundreds of thousands, or millions of devices. This wide-reaching, interconnected network can carry out tasks on a scale that would be impossible for a single device, amplifying the potential harm a hacker can do.

What can a botnet control?

Nearly any device connected to the internet can be enlisted into a botnet, including desktop computers, laptops, and even Internet of Things (IoT) devices like home security systems, thermostats, or smart fridges. IoT devices are frequently targeted by hackers as they often lack the robust security found in computer operating systems and are infrequently updated. While these devices may only have a fraction of the computing power of a typical laptop, when hundreds of thousands of them work in parallel towards a common goal, even tiny computers can be used to perform large-scale cybercrimes.

How do hackers control a botnet?

Hackers control a botnet from a remote location using command and control (C&C) servers. Through these servers, they send instructions to the infected machines, directing them to perform various tasks, from sending spam emails to launching cyber attacks. The hacker leading these bots is sometimes called a ‘bot herder.’

In the past, C&C servers were often physical servers – but this made it relatively easy to locate their IP addresses and shut them down. Today, hackers use cloud-based servers or have the bots act as a peer-to-peer (P2P) network, passing commands from one bot to the next in a random fashion that is difficult to track. One of the most notorious P2P botnets, Gameover ZeuS, infected over a million devices and used an encrypted P2P network to elude law enforcement efforts for nearly a decade.

Since hackers have long been involved in a cat-and-mouse battle against security researchers, including well-funded government agencies like the FBI, they have become increasingly adept at hiding their C&C servers. In some cases the bots use encrypted messaging apps like Telegram to phone home, or obfuscate their communications by routing traffic through built-in Tor clients.


What are botnets used for?

Botnets can be used for a variety of malicious activities. These include stealing sensitive information, spreading malware, or conducting attacks on websites or networks.

Types of botnet attacks

Spambots and Phishing Emails

Botnets can be used to launch spam and phishing attacks. The bots are given a simple job – sign up for email addresses and send out emails or text messages that peddle fake prescription medicine or counterfeit goods, or that trick recipients into providing sensitive data like passwords or credit card numbers.

One spambot network, Rustock, could send out 30 billion emails per day. When Rustock's command and control server was seized in 2011, global email volume fell by 25% overnight.

Distributed Denial-of-Service (DDoS) Attack

In a DDoS attack, a botnet can flood a website or network with so much traffic that it can’t handle the load, causing it to crash. This is often used to disrupt businesses or websites. For a more detailed look at DDoS attacks, check out our article on how DDoS attacks work.

Cryptocurrency mining

Cryptocurrency mining involves using computer processing power to solve complex mathematical problems, a process that can earn the solver cryptocurrency. However, mining requires significant computational resources, and costs the miner both time and money.

That's where cryptocurrency mining botnets come in. Hackers use the combined power of all the computers in the botnet to mine cryptocurrency much faster. This unauthorized use of resources can slow down your computer and increase your electricity bill, all while the hacker reaps the benefits.

Recently, some cryptocurrency botnets have even been stealing Amazon Web Services (AWS) credentials and running their crypto mining operations in the cloud.

Ransomware attacks

In some cases, the threat actors coordinating the botnet can trigger infected devices to deploy ransomware, locking users out of their system and demanding payment for release of their data. Oftentimes, even if the ransom is paid, user data is permanently lost or corrupted.

Brute force attacks

In this type of attack, a hacker leverages their vast botnet network to incessantly guess a system's password. Unlike a single machine, a botnet can scatter these attempts across multiple devices, making the guessing process incredibly fast and difficult to trace.

This high-speed trial-and-error approach may eventually crack the code, giving the hacker unauthorized access to private systems and sensitive data.
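Because each bot only tries a password or two, a per-IP lockout never fires; what gives a distributed guessing campaign away is many failures against one account from many sources inside a short window. The following is an added example, not code from the original article: it parses constructed sshd-style log lines (the hostnames, addresses and thresholds are all assumed sample values) and flags accounts hit from several source addresses within one minute.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style auth log lines using documentation IP ranges; not real data.
SAMPLE_LOG = """\
Jan 10 10:00:01 host sshd[100]: Failed password for admin from 203.0.113.5 port 4001 ssh2
Jan 10 10:00:03 host sshd[101]: Failed password for admin from 198.51.100.7 port 4002 ssh2
Jan 10 10:00:05 host sshd[102]: Failed password for invalid user admin from 192.0.2.9 port 4003 ssh2
Jan 10 10:00:06 host sshd[103]: Failed password for admin from 203.0.113.77 port 4004 ssh2
Jan 10 10:00:08 host sshd[104]: Failed password for admin from 198.51.100.21 port 4005 ssh2
Jan 10 10:00:09 host sshd[105]: Accepted password for alice from 192.0.2.50 port 4006 ssh2
Jan 10 10:05:00 host sshd[106]: Failed password for bob from 192.0.2.9 port 4007 ssh2
Jan 10 10:05:01 host sshd[107]: Failed password for bob from 192.0.2.9 port 4008 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port"
)

def parse_failures(text, year=2024):
    """Return (timestamp, user, source_ip) for every failed-login line."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["user"], m["src"]))
    return events

def find_distributed_bruteforce(events, window=timedelta(minutes=1),
                                min_attempts=5, min_sources=3):
    """Map each targeted account to the peak number of distinct sources seen
    within any single window; accounts below the thresholds are omitted."""
    by_user = defaultdict(list)
    for ts, user, src in sorted(events):
        by_user[user].append((ts, src))
    alerts = {}
    for user, attempts in by_user.items():
        start = 0
        for end in range(len(attempts)):  # sliding window over sorted attempts
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            span = attempts[start:end + 1]
            sources = {src for _, src in span}
            if len(span) >= min_attempts and len(sources) >= min_sources:
                alerts[user] = max(alerts.get(user, 0), len(sources))
    return alerts
```

Note that "bob" is not flagged: two failures from a single address is ordinary noise, whereas "admin" is hit five times from five addresses in eight seconds, which is the botnet pattern.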

Botnet for hire

Not all botnets are directly controlled by the hackers who created them. Some cybercriminals, recognizing the value of a vast network of compromised devices, offer their botnets for hire. These ‘rent-a-botnet’ services are available on dark web communities catering to hackers, and allow even relatively inexperienced individuals to launch large-scale attacks or scams.

These hired botnets can be used for any of the purposes we’ve already discussed, from DDoS attacks to cryptocurrency mining. The renting hacker doesn’t need to worry about building and maintaining the botnet, they simply give their instructions and the botnet owner sets the network to work. This alarming trend has increased the potential scale and frequency of botnet attacks.

It can be hard to appreciate the scale of these malware-as-a-service (MaaS) businesses – after all, how much demand could there really be for botnets? Well, dark web customers can now find user reviews for different malware vendors and even receive customer support and help desk services from their botnet provider. As vendors compete in the growing MaaS market, the barrier to entry for inexperienced criminals has fallen to all-time lows.

How to protect yourself from botnets

Thankfully, preventing your devices from becoming part of a botnet is relatively straightforward and mostly involves following good cyber hygiene practices:

Use strong passwords for all internet connected devices

One of the easiest ways to increase your network security is by using strong, unique passwords for each of your devices and online accounts. This includes IoT devices such as security cameras, thermostats, and even smart light bulbs. In addition to securing your smart devices, be sure to change your router’s default username and password.

Activate your router’s built-in security features

Many routers ship with powerful features, like firewalls, which can help secure your network. However, they are not always activated by default. It is important to check your router settings and enable these features if present.

Consider setting up a dedicated network specifically for your IoT devices, so that the devices holding your sensitive data are isolated if a smart device is compromised. If you are renting your router from your internet service provider, you may not have as many options available. Generally, ISPs will let you use your own router, allowing you to take greater control over your network security.

Avoid purchasing devices with weak security

When buying smart devices, consider their security features. Devices with robust security measures are less likely to be compromised.

While a WiFi connected toilet might sound like a good idea, consider that a plumbing company may be less likely to provide regular security updates. Eventually devices like these may prove to be a greater liability than asset.

Keep your operating system, software, and firmware updated

Resist the temptation to postpone software updates. In most cases these updates are less about changing your system's core functionality than about patching vulnerabilities. Hackers actively seek out systems that have not been updated, exploiting known vulnerabilities.

Be wary of any email attachments

Avoid opening email attachments from any source as they could contain malware that infects your device. Even if an email attachment is from a trusted contact, be sure to scan it for malware before opening it. Malicious software commonly spreads by emailing itself to the infected computer’s contact list, or by spoofing trusted email addresses.

Don’t click links in any message you receive

Similarly, avoid clicking on links in emails or messages from unknown sources, as they might lead to malicious websites. If you receive a message from your bank or a financial institution, type its web address into your browser yourself and check for notifications from there.

It is not uncommon for links to take you to websites which look very similar to the real website, but then steal your login credentials or attempt to download malware.

Install and use anti-virus software

Good anti-virus software can protect your devices from malware, spyware, and trojan horses. Regularly update this software to ensure it can protect against the latest threats. Be sure to set up scheduled antivirus scanning and use your antivirus software to scan all downloads before opening them.

Staying Safe from Botnets

In our increasingly interconnected world, botnets pose a significant and growing threat. However, by understanding what botnets are and how they work, you can take proactive steps to protect your devices.

Remember, the cornerstone of staying safe online is maintaining good digital hygiene: use strong and unique passwords, keep your system updated, avoid opening email links and attachments, and use firewalls and antivirus software to protect your computer from viruses and malware.
