What Is A Botnet & How Does It Work?
When thinking about a botnet, it’s helpful to visualize it as an army of connected devices. The army comparison works here because botnets are a collection of individual devices working together as a single unit.
It’s a little more obvious if you break down the name: robot + network = botnet. It’s literally a network of robots.
These “armies” can be made up of PCs, mobile devices, servers and IoT devices. Basically any internet-connected or network-connected device can be infiltrated and brought into a botnet army.
In this article, we’ll discuss what these armies are capable of and how they are usually used. We’ll also explain how botnets and cybercriminals can carry out DDoS attacks, the most “famous” botnet attacks and how to decrease the potential of botnet attacks. But first, it’s important to understand the basic reasons why botnets are concerning.
Why Are Botnets Concerning?
Recently, the conversation around botnets has grown from one that largely existed only in the cybersecurity space to a more universal discourse. Botnets have been used to facilitate the spread of “fake news” sites that have proved capable of driving public opinion around the economy, government, elections and more.
Botnets have shown that with this capability comes a great amount of power. One prominent example even comes from over a decade ago. Cybercriminals launched a DDoS attack in Estonia that sparked an international conflict that is still ongoing. And that is certainly not an isolated incident.
As more information moves to the cloud, governments have become a popular target for cybercriminals as their networks hold valuable personal information that can be exploited. In the Estonia attack, this was definitely the case. In years prior, the nation was lauded for its use of the internet to improve government efficiency and give people easier access to services that previously crawled along in bureaucracy. Estonians could check their medical records, file taxes and even vote online.
The general move toward digital information storage opens the door for risks. Governments are trying to mitigate these risks every day, and that includes the United States government. Even as recently as 2018, the U.S. Department of Homeland Security showed this to be a risk that warrants very serious attention. The department even released a report promoting action against botnets and other automated threats in January of this year.
But it’s just as true in the private sector. In fact, many speculate that to protect the digital ecosystem these two entities need to cooperate in fighting against botnet attacks. This quote from Gary Shapiro, president and CEO of the Consumer Technology Association highlights that movement:
“More, we agree with the report’s findings that botnets and related automated attacks are an ongoing problem, often launched from outside the U.S. Fighting them requires cooperation between the public and private sectors,” Shapiro said, following the release of that government report.
Perhaps collaboration can prevent more large-scale attacks on governments and businesses, but it is difficult to imagine an efficient security system to that end being implemented any time soon. However, this is not the only reason botnets are used. It’s not even the most common.
Most attacks are on a much smaller scale.
So, What Are Botnets Typically Used For?
As you can imagine, they’re used most commonly in malware attacks. It’s one in a long list of examples of how good technology can be used for corrupt causes.
What’s more concerning is how easy they are to set up. Being an internet criminal has a very low barrier to entry. All you really need is an internet connection, a small amount of cash, the know-how and about a half hour of free time to set up a botnet. But this section is not about how to build a botnet; it’s about what they’re used for.
Put simply, if your computer or mobile device is part of a botnet, that usually means it’s been infected with some type of malware. It is a robot in the army. It is one of a network of devices waiting for commands from whoever is controlling the botnet.
Once a criminal has grown this network a sizable amount, he or she will not always employ it for personal use. Some criminals rent out access to their botnets to other criminals. Larger botnets can be used in distributed denial-of-service (DDoS) attacks. Smaller botnets can be used to circulate spam emails or to mine bitcoins.
Of course, there are more creative uses and probably many yet to be exposed, but here we’ll go into one of the most common: DDoS attacks.
Botnets for DDoS Attacks
DDoS attacks are some of the most easily accomplished cyber attacks, and botnets almost seem tailor-made to carry them out.
The person controlling the botnet will command the bots to all access a designated website or IP at the same time. This flood of traffic overwhelms the site, and that can cause a lot of problems. During a DDoS attack, a website can slow to a halt and even shut down completely due to the influx of traffic from a botnet. In short, the goal of a DDoS attack is to cause disruption for a website or service.
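From the defender's side, the flood described above looks different from one misbehaving client: total request volume spikes while each individual source stays quiet, so a per-IP rate limit alone does not catch it. The sketch below is an added example, not part of the original article; the function names, thresholds and sample traffic are all assumptions constructed for illustration.

```python
from collections import Counter, deque

def detect_flood(events, window=10, baseline_rps=5.0, spike_factor=10, min_sources=50):
    """Scan time-ordered (timestamp, source_ip) pairs and return the first alert, or None.

    All thresholds are assumed values for illustration; tune them to real traffic.
    """
    recent = deque()      # requests inside the sliding window
    per_ip = Counter()    # request count per source inside the window
    for ts, ip in events:
        recent.append((ts, ip))
        per_ip[ip] += 1
        while recent[0][0] <= ts - window:   # expire requests older than the window
            _, old_ip = recent.popleft()
            per_ip[old_ip] -= 1
            if per_ip[old_ip] == 0:
                del per_ip[old_ip]
        rate = len(recent) / window
        if rate < baseline_rps * spike_factor:
            continue                         # traffic volume is still normal
        top_count = per_ip.most_common(1)[0][1]
        if top_count > len(recent) / 2:
            kind = "single-source"           # one client dominates; a per-IP limit handles it
        elif len(per_ip) >= min_sources:
            kind = "distributed"             # many sources, each individually quiet
        else:
            continue
        return {"time": ts, "kind": kind, "rps": rate,
                "sources": len(per_ip), "max_per_source": top_count}
    return None

def constructed_traffic(kind):
    """Constructed sample data (documentation IP ranges), not real logs."""
    # 60 s of normal traffic: 20 clients, 2 requests per second in total.
    events = [(k * 0.5, f"198.51.100.{k % 20 + 1}") for k in range(120)]
    if kind == "botnet":      # 250 sources, 60 requests per second combined
        events += [(60 + i / 60, f"203.0.113.{i % 250 + 1}") for i in range(600)]
    elif kind == "single":    # the same volume from one address
        events += [(60 + i / 60, "192.0.2.7") for i in range(600)]
    return events

if __name__ == "__main__":
    for kind in ("normal", "botnet", "single"):
        print(kind, detect_flood(constructed_traffic(kind)))
```

In the constructed botnet case no single source sends more than a handful of requests in the window, which is why the alert keys on aggregate rate and source count rather than on any one address.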
For reference, the average botnet size in the early 2000s was said to be around 20,000 computers, and that was before the IoT could be infected by a botnet. This number can also vary greatly. In 2009, Conficker, one of the largest botnets ever, was estimated to have infected over 15 million computers.
Imagine the firepower a botnet built of 15 million computers could have during a DDoS attack. If you want to check out a more recent large-scale DDoS attack, read the Pwnie Express post-mortem on the Mirai botnet.
The Internet of Things (IoT) and Botnets
As Mirai has shown, the Internet of Things opens up all kinds of doors for botnet armies to gain access to more power.
As more connected devices enter the market, there are more opportunities for botnet attacks. Cheap connected devices like webcams, coffee makers, workout trackers and more have little or no security and it’s easy for cyber criminals to gain access and bring them into the botnet army.
Mirai was used in the Dyn DDoS attack in 2016, for example. That took down notable websites like Twitter and Netflix with a botnet made of over 100,000 IoT devices. If companies that manufacture IoT devices don’t program greater security measures, the IoT could be ripe for botnets to pick at for years to come.
How To Prevent a Botnet Attack
The best way to protect against a botnet attack is to have proactive security measures in place. For one, none of your devices should be easily accessible and your IoT devices should be secure and password protected.
In an organization, IoT security is essential for preventing botnet attacks. Having visibility of what’s on your network can go a long way to preventing a breach. So while manufacturers figure out how to protect the IoT devices they produce with stronger device authentication and the use of only authorized software and updates, organizations need to find a better solution.
A wireless network security solution can fill this need, and prevent network devices from being accessed by cybercriminals and rogue devices. So instead of waiting as botnets storm the IoT devices on your network, you can be proactive about security.