The Internet: a vast computer network linking smaller computer networks worldwide. Using a variety of communications protocols, our computers can connect and exchange information at lightspeed.
But unfortunately, any technology created with positive intent can (and usually will) be repurposed for unsavory practices. So, it shouldn’t be any surprise that bad actors are taking advantage of those common communications protocols to create what are known as botnets.
In basic terms, a botnet is a group of malware-infected computers that work together to perform specific tasks, usually without the computer owners’ knowledge. Hackers known as botmasters or bot herders infiltrate vulnerable devices, turning them into “zombie” computers.
Computers can unknowingly become part of a botnet in a number of ways. Users might install a sketchy browser extension or download software that contains hidden malware. Other times, bots search for outdated programs, old devices, and weak security measures to exploit.
Once they’ve amassed a zombie computer army, hackers can control them remotely through command-and-control (C&C) servers, using standards-based protocols like Internet Relay Chat (IRC) and peer-to-peer (P2P) networking to send data among the zombie devices.
Botnet Detection: When Zombie Computers Attack
Traditionally, botnets are the weapon of choice to spread spam or commit click fraud. At the botmaster’s discretion, zombie computers can rack up site views, click on ads, watch videos, and post comments. More sophisticated botnets may go even further, from filling out forms to making online purchases.
Recently, botmasters jumped on the cryptocurrency train, using botnets to mine Bitcoins. Thanks to the massive amount of computing power their botnet stole, the botmasters running the Smominru scheme were able to make up to $8,500 a week in Monero cryptocurrency.
Undetected botnets are also responsible for the infamous DDoS attacks which have the power to cripple major websites. In a DDoS attack, hundreds of bots push traffic to a specific site. Since the site can’t handle so much traffic at once, it may become unbearably laggy or completely shut down.
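As an added example that is not part of the original article, the Python below flags the traffic shape just described: a burst of requests to one site arriving from many distinct source addresses in the same second, which a single busy client or a small flash crowd does not produce. The log lines, IP addresses and thresholds are constructed assumptions for illustration.

```python
# Added example (not from the original article): flag seconds in which a site
# receives a burst of requests spread across many distinct source IPs, which is
# the traffic shape of the bot-driven DDoS described above. Log lines are
# constructed in Common Log Format; thresholds are assumptions to tune per site.
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')

def parse_line(line):
    """Return (source_ip, second-resolution timestamp) or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts.strftime("%Y-%m-%dT%H:%M:%S")

def find_flood_windows(lines, min_requests=20, min_sources=10):
    """Group requests per second; return the seconds where both the request
    count and the number of distinct source IPs reach the thresholds. A burst
    from a few clients trips only the first; a many-bot flood trips both."""
    per_second = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, sec = parsed
            per_second[sec].append(ip)
    flagged = {}
    for sec, ips in sorted(per_second.items()):
        if len(ips) >= min_requests and len(set(ips)) >= min_sources:
            flagged[sec] = {"requests": len(ips), "sources": len(set(ips))}
    return flagged

def _line(ip, second, path="/"):
    # Helper that builds one constructed access-log line at the given second.
    return f'{ip} - - [21/Oct/2016:11:10:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'

# Constructed sample: two normal requests at second 00, a 30-source flood at 01.
SAMPLE_LOG = [_line("10.0.0.1", 0), _line("10.0.0.2", 0, "/about")]
SAMPLE_LOG += [_line(f"198.51.100.{i}", 1) for i in range(1, 31)]

if __name__ == "__main__":
    for sec, stats in find_flood_windows(SAMPLE_LOG).items():
        print(f"{sec}: {stats['requests']} requests from {stats['sources']} sources")
```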
The Botnet of Things
On October 21, 2016, scores of major websites broke, rendered useless by a DDoS attack powered by a botnet called Mirai. The botnet, largely made up of compromised Internet of Things (IoT) devices, bombarded Dyn, a DNS provider, with malicious traffic, effectively shutting down its services and causing popular sites to go dark.
Securing the IoT ecosystem is proving to be a struggle. On the manufacturers’ side, there aren’t any universal security standards being put in place to regulate all the different devices out there and make bot detection easy. Manufacturers aren’t releasing critical software updates to outdated devices. In some cases, they orphan them altogether.
Sometimes the end user is at fault. The Mirai botnet took advantage of a glaring security flaw that comes shipped with many consumer-ready IoT devices: default user IDs and passwords. Most people who buy IoT devices don’t change these settings after the initial setup, essentially leaving devices open for hijacking.
Most importantly, the sheer number of devices in existence makes it just about impossible to secure them all. And that’s only going to get worse; by 2020, the number of devices in use worldwide is predicted to pass 30 billion.
Until things in the IoT industry change, expect to see more smart device-driven botnets pop up in the future.
No End in Sight
Realistically, like fraud, botnets aren’t going away any time soon. That’s why it’s so important to remain vigilant when it comes to botnet detection and protecting your online presence from cyber threats. Monitor your sites and keep your network security measures up to date to hold the botnets at bay. Gain more knowledge of bots in our free eBook, Bots 101.