All you need to know about botnets

We’ve all seen movies like Eagle Eye and Terminator Genisys, or read one of the myriad sci-fi books that suggest computers will one day take over the world – and then we dismissed the notion as being unrealistic or far from the truth. But with our lives becoming more and more connected, new possibilities and vectors arise for hackers with malicious intent to target our lives, if not necessarily in the manner that is depicted in the movies. They don’t need to run a SkyNet or Genisys network to have an army of evil robots at their command – they can conscript thousands and millions of mindless connected devices to their botnets, and force them to do their evil bidding.

What are botnets?

A botnet is an army of connected computers and devices, infected with malware that enables a “bot herder” to remotely control these devices without their rightful owners’ consent or knowledge. The herder can use the botnet to carry out a wide range of malicious activities, including exfiltrating sensitive information such as credit card numbers and banking credentials, launching DDoS attacks against target web sites, delivering spam and malware to unsuspecting victims, staging click fraud campaigns, and carrying out multiple-node brute force attacks to crack passwords.

How much damage are botnets inflicting?

Botnets are nothing new: they have been around for more than a decade, and by some accounts, since 1988. Estimates place the losses inflicted on victims by botnets at around $110 billion annually, with about 500 million computers being enlisted in evil zombie botnet armies every year.

Today, botnets have become the source of a lucrative and profitable business for their masters, earning them millions of dollars through cyber-criminal activities. For instance, Coreflood, a popular botnet that was stopped in 2011, was 2 million machines strong, and had amassed 190 gigabytes of data and looted millions of dollars from its victims.

Botnets have become so popular among large-scale cybercriminals that bot herders are now delving into the classic mercenary business, renting their botnets to other attackers who want to carry out DDoS and data-theft operations (something like the cyber version of the Unsullied of Astapor, if like me you’re a fan of George R. R. Martin’s A Song of Ice and Fire). The Bredolab botnet, which was developed in 2009 by a Russian hacker and expanded to over 30 million machines, earned its owner $125 thousand a month from renting it to other criminals.

What efforts are being made to stop botnets?

The feds and giant tech firms have tried to deal with botnets in earnest since 2007, though the methods employed have not been without their own set of controversies, including hacker-like and rash tactics, which in some cases have had adverse effects on uninvolved parties.

But in tandem with the efforts of the government and tech firms to take down botnets, botnet engineers have not remained idle and are using more novel and sophisticated techniques to grow and protect their botnets. One stark example is the Conficker worm, one of the most famous and uncannily ingenious botnets, which has eluded cyber security experts for years and remains a mystery to this day. The worm started spawning in 2008, taking ownership of more than 12 million machines, and it still continues to breed and expand today. In 2011, a $72 million cybercrime ring that had been using Conficker was busted, though it never became clear whether the criminals were behind the spread of the original worm or not.

The future of botnets

Despite many successful attempts at taking down botnets, there’s no sign of their multiplication slowing down, and while you were reading this article, hundreds of other zombie computers silently joined the ranks of some evil botnet warlord (I dearly hope yours wasn’t one of them). What’s more, with the chaotic spread of the Internet of Things, and the many security risks and flaws that it trails behind, the prospects are becoming grimmer for security firms and brighter for bot herders, who will have billions of new devices to rally to their cause.

How do I protect myself?

For the most part, following basic security best practices, including installing good anti-malware software along with new updates and patches, should be enough to protect your PC and handset. As for the IoT, investing in one of many smart security devices to protect your home will help a lot to prevent your connected devices from being hijacked.

As for the rest, keep your fingers crossed, hold your breath, and hope the situation doesn’t spin out of control to become the realization of one of those horror sci-fi movies.
