What Are Botnets?

Written by Waits Sharpe | Mar 6, 2023 6:49:54 PM

When people think about hackers breaking into an organization, they often picture one person typing away at a keyboard to breach the network. In reality, many attacks are automated and carried out by thousands of compromised hosts called "bots". A single bot can do damage on its own, but together they can wreak havoc on an organization's network.

What is a botnet?

A botnet is a collection of compromised hosts or devices that are all controlled by a bad actor (the botmaster or botherder) for the purpose of conducting large-scale cyber-attacks. These hosts, also called zombies, act in concert with the rest of the botnet to take part in phishing, DDoS attacks, and other malicious activity. To build a botnet, an attacker first has to find a way into a host or IoT device, typically an unpatched vulnerability or a weak factory-default credential. Workstations, laptops, gaming consoles, and even internet-connected thermostats are all valid targets. Once the attacker has found a suitable host, they install software that lets them control it remotely. Finally, once they have control of enough devices, they coordinate them through a command and control (C2) server to carry out the attack.

What are botnets used for?

Botnets are used in a variety of attacks, but the primary one is the DDoS attack. Distributed Denial of Service (DDoS) attacks use botnets to send thousands of requests to a target server at once in order to overwhelm it and take it offline. For instance, a botnet might direct all of its thousands of hosts to open connections to a banking website at the same time. The bank's servers most likely cannot absorb such a surge of traffic for long before legitimate users are locked out or the service falls over. The "distributed" part is what makes the attack hard to stop: because the traffic arrives from thousands of addresses, there is no single source to block. Attackers can use this technique simply to disrupt a service, or to extort money by holding the service hostage.

Botnets are also used in many phishing and spam campaigns. A user may be able to block every email from one account they know is a scam, but it is much harder to filter thousands of emails coming from thousands of different addresses, and sender blocklists lose their value when each message leaves from a different compromised host. This automates the process for cyber criminals so they can focus on directing other attacks and raking in the profits.

Brute force attacks are another common use for botnets. Instead of trying to manipulate a user into giving up their password for a particular application, an attacker can use a botnet to try thousands of different passwords in the hope that one of them is right. Since the attacker does not have to sit there and try each password by hand, and since the attempts are spread across thousands of source addresses, per-IP rate limits and lockouts are far less effective, which makes brute force attacks much more viable.
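The point about per-IP lockouts deserves a concrete illustration. The following is an added example, not code from the original post or from CorpInfoTech: it runs two detection rules over a handful of constructed authentication log lines in a hypothetical "timestamp user source_ip result" format. A per-IP lockout never fires because each bot only makes one or two attempts, while counting failures per account across all source addresses exposes the campaign. The thresholds and the log format are assumptions for the example.

```python
"""Distributed password guessing: per-IP lockout vs. per-account counting.

Added example (not from the original post).  The log format
'timestamp user source_ip result' and the thresholds are assumptions.
"""
from collections import defaultdict

# Constructed sample log lines; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2023-03-06T18:00:01 alice 203.0.113.10 FAIL
2023-03-06T18:00:02 alice 198.51.100.7 FAIL
2023-03-06T18:00:02 bob 192.0.2.44 OK
2023-03-06T18:00:03 alice 203.0.113.55 FAIL
2023-03-06T18:00:04 alice 198.51.100.90 FAIL
2023-03-06T18:00:05 alice 192.0.2.17 FAIL
2023-03-06T18:00:06 carol 203.0.113.10 FAIL
2023-03-06T18:00:07 alice 203.0.113.200 FAIL
"""

PER_IP_LOCKOUT = 5      # failures from one IP before that IP is locked out (assumed policy)
PER_ACCOUNT_ALERT = 5   # failures against one account before alerting (assumed policy)


def parse(log):
    """Split each line into (timestamp, user, source_ip, result)."""
    events = []
    for line in log.splitlines():
        ts, user, ip, result = line.split()
        events.append((ts, user, ip, result))
    return events


def per_ip_lockouts(events):
    """Source IPs that would trip a classic per-IP lockout."""
    fails = defaultdict(int)
    for _, _, ip, result in events:
        if result == "FAIL":
            fails[ip] += 1
    return sorted(ip for ip, n in fails.items() if n >= PER_IP_LOCKOUT)


def distributed_bruteforce(events):
    """Accounts with >= PER_ACCOUNT_ALERT failures spread over more than one IP.

    Returns {user: sorted list of failing source IPs}.  Because a botnet
    spreads its guesses across many hosts, the per-account view catches what
    the per-IP view misses.
    """
    ips = defaultdict(set)      # user -> set of IPs that failed against it
    counts = defaultdict(int)   # user -> total failures
    for _, user, ip, result in events:
        if result == "FAIL":
            ips[user].add(ip)
            counts[user] += 1
    return {user: sorted(ips[user]) for user in counts
            if counts[user] >= PER_ACCOUNT_ALERT and len(ips[user]) > 1}


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print("per-IP lockouts:", per_ip_lockouts(events))        # []
    print("distributed brute force:", distributed_bruteforce(events))  # alice, 6 IPs
```

In the sample, no single address exceeds the per-IP threshold, so `per_ip_lockouts` returns nothing, while `distributed_bruteforce` reports that `alice` has taken six failures from six different addresses. Real login services should pair a per-account failure counter (or an account lockout with a cooling-off period) with the per-IP limit, since the per-IP limit alone is exactly what a botnet is built to evade.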

Is your device part of a botnet?

The most dangerous aspect of botnets is that your computer can be compromised without you knowing. Because the software used to infect devices runs in the background, it is entirely possible your device has been part of a botnet for months with you none the wiser. So how do you know your device isn't infected? The most commonly cited sign is slow performance. If your computer or device has become slow to start or operate, malicious software may be running in the background. Many botnets use their infected hosts to mine cryptocurrency, a tactic called "cryptojacking". Mining is resource intensive and draws a lot of electrical power, so a device that runs slower than usual, runs hot, or whose battery is degrading could be compromised. Keep in mind that slowness is a weak signal: a bot that only needs to send spam or the occasional burst of DDoS traffic can stay quiet for long stretches, so the absence of symptoms is not proof of a clean device. A more reliable indicator is unexplained outbound traffic, for example a device that keeps contacting the same unfamiliar server at regular intervals when no one is using it.

What can you do?

Is there anything you can do to prevent your devices from joining a botnet? One of the most important things is to keep all of your devices up to date. This includes computers, gaming consoles, and even IoT home devices like thermostats or lighting. Applying updates patches the vulnerabilities bad actors are looking to exploit; for IoT devices, also change any factory-default password, since those are among the first things a botnet tries. Effective spam and phishing filters help reduce the phishing emails and messages you receive and the chance that you install something you shouldn't. You should also deploy network tools that control and monitor traffic, so you know not only who is communicating with your website and why, but also which of your own hosts are talking to unfamiliar external servers, because that outbound connection is how an infected device reaches its command and control server.
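The traffic-monitoring advice above can be turned into a simple check. What follows is an added example, not code from the original post or from CorpInfoTech: it scans a constructed outbound connection log in a hypothetical "epoch_seconds src_ip dst_ip dst_port" format (the kind of export a firewall or flow collector produces) and flags source/destination pairs that connect at a suspiciously regular interval, which is the classic shape of a bot checking in with its C2 server. The log format, the addresses, and the thresholds are assumptions for the example.

```python
"""Spot C2-style beaconing in an outbound connection log.

Added example (not from the original post).  A bot checking in with its
command-and-control server tends to hit the same destination at a steady
interval; ordinary browsing does not.  For each (src, dst, port) with enough
connections we compute the inter-arrival intervals and flag the pair when
their spread (population stdev / mean) is small.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: 10.0.0.12 beacons to 198.51.100.23 every 60 s while
# also browsing 203.0.113.5 at irregular times.  Addresses are private /
# RFC 5737 documentation ranges.  Format: 'epoch_seconds src_ip dst_ip dst_port'.
SAMPLE_LOG = """\
1678125600 10.0.0.12 198.51.100.23 443
1678125601 10.0.0.12 203.0.113.5 443
1678125603 10.0.0.12 203.0.113.5 443
1678125660 10.0.0.12 198.51.100.23 443
1678125675 10.0.0.12 203.0.113.5 443
1678125690 10.0.0.12 203.0.113.5 443
1678125720 10.0.0.12 198.51.100.23 443
1678125722 10.0.0.7 203.0.113.5 443
1678125780 10.0.0.12 198.51.100.23 443
1678125840 10.0.0.12 198.51.100.23 443
1678125900 10.0.0.12 198.51.100.23 443
1678125950 10.0.0.12 203.0.113.5 443
1678125951 10.0.0.12 203.0.113.5 443
1678125960 10.0.0.12 198.51.100.23 443
"""

MIN_CONNECTIONS = 6   # fewer than this is too little data to judge (assumed)
MAX_JITTER = 0.2      # pstdev/mean of intervals at or below this counts as regular (assumed)


def parse(log):
    """Group connection timestamps by (src_ip, dst_ip, dst_port)."""
    by_pair = defaultdict(list)
    for line in log.splitlines():
        ts, src, dst, port = line.split()
        by_pair[(src, dst, int(port))].append(int(ts))
    return by_pair


def beacon_score(timestamps):
    """Return (jitter, mean_interval) for a list of epoch timestamps, or None.

    jitter is pstdev(intervals) / mean(intervals); 0.0 means perfectly periodic.
    Real implants often add deliberate jitter, so MAX_JITTER is a tunable,
    not a constant of nature.
    """
    ts = sorted(timestamps)
    intervals = [b - a for a, b in zip(ts, ts[1:])]
    if len(intervals) < 2:
        return None
    m = mean(intervals)
    if m == 0:
        return None
    return pstdev(intervals) / m, m


def find_beacons(log):
    """Map each regular (src, dst, port) pair to its interval and hit count."""
    results = {}
    for pair, ts in parse(log).items():
        if len(ts) < MIN_CONNECTIONS:
            continue
        score = beacon_score(ts)
        if score is not None and score[0] <= MAX_JITTER:
            results[pair] = {"interval": score[1], "count": len(ts)}
    return results


if __name__ == "__main__":
    for pair, info in find_beacons(SAMPLE_LOG).items():
        print(f"possible beacon: {pair} every {info['interval']}s, {info['count']} hits")
```

On the sample data only the pair `("10.0.0.12", "198.51.100.23", 443)` is reported, with a 60-second interval over seven connections; the browsing traffic to 203.0.113.5 has six connections too, but its intervals are all over the place, so it is left alone. In production you would run this over a longer window, whitelist known update and telemetry endpoints (which also beacon), and treat a hit as a lead to investigate on the host rather than as proof of infection.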

CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.