Academy Xi Blog

What is a botnet

Short answer: something you want to protect all your devices from! Discover how botnets work, what they can control and how to bolster your security to keep the blighters at bay.

What is a botnet and how does it work?

A botnet is a network of internet-connected devices that are infected with malware and controlled by a single entity, known as a botmaster. These bots can be computers, mobile phones, or Internet of Things devices. 

After the malware has infected a device, the device connects to the botnet and receives instructions from the botmaster, who can use it to perform a host of malicious activities. These could include stealing personal data, continuing to spread the malware, mining cryptocurrency or launching a DDoS (distributed denial of service) attack.

What can a botnet control?

Literally any device that has been infected with malware can be botnet controlled. Having a device that is botnet controllable is a serious threat to the security of your data and can disrupt any services you provide.

How do hackers control a botnet?

Anyone with the required tech know-how can create and control a botnet. The malware used to infect devices can be distributed through a wide range of approaches, including social media tactics, distribution of infected downloads and those oh-so popular phishing emails. Any devices with weak security measures in place are particularly vulnerable to being infected and used in botnets.

What are botnets used for?

Cybercriminals use botnets to conduct malicious activity such as stealing and selling financial information and data, running crypto scams and sabotaging services. They are a serious threat to online security and can cause endless reputational damage to organisations. Let’s take a closer look.

  • Financial and data theft

Using techniques such as keylogging or phishing, botnets can steal financial information including login and credit card details. Once obtained, this information can be used to make fraudulent transactions or steal funds directly from accounts.

When it comes to stealing data, approaches such as data exfiltration or spyware can come into play, and the information can then be sold on to other cybercriminals.

  • Cryptocurrency scams

Mining of cryptocurrency is often done using botnets, with cybercriminals also using them to launch crypto scams like Ponzi schemes.

  • Service sabotage

DDoS attacks can be launched via botnets, resulting in a specific site or online service being inundated with traffic to the point it is no longer available for users to access. This approach can be taken as a form of protest, extortion or to disable a particular industry or competitor.

  • Selling on to other criminals

Existing botnets have been known to be sold or even rented out on the dark web to other criminals. The new owner, or leaseholder, uses them to spread more malware or launch new attacks.

Botnet architecture

A botnet's architecture is how it is structured and managed. The two main varieties of botnet architecture are the client-server model and P2P. Client-server models involve a central command and control server, which manages the bots, while the P2P botnet is decentralised, with no single point of control.

Types of botnet attacks

A range of attack types can be carried out by botnets, including Distributed Denial of Service (DDoS) attacks, as mentioned earlier with regard to service sabotage. Phishing attacks are also common, when large volumes of phishing emails are distributed with the aim of tricking people into sharing personal data such as passwords or credit card details. 

The most extreme approach is a brute force attack, where every possible combination of username and password is attempted until the botnet finds the right one to gain unauthorised access to a system or network.
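
Seen from the defender's side, a brute force attack run through a botnet can spread its guesses across many devices, so no single source address fails often enough to trip a per-IP lockout. The Python below is an added example, not part of the original article: it counts failed logins per account across distinct source addresses inside a time window. The log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in sshd style (not real traffic; documentation IP ranges).
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[811]: Failed password for admin from 192.0.2.10 port 40112 ssh2
2024-05-01T10:00:09 sshd[812]: Failed password for admin from 198.51.100.7 port 51820 ssh2
2024-05-01T10:00:15 sshd[813]: Failed password for alice from 203.0.113.50 port 40022 ssh2
2024-05-01T10:00:31 sshd[814]: Failed password for admin from 203.0.113.21 port 33001 ssh2
2024-05-01T10:00:40 sshd[815]: Accepted password for alice from 203.0.113.50 port 40030 ssh2
2024-05-01T10:01:02 sshd[816]: Failed password for admin from 198.51.100.99 port 47110 ssh2
2024-05-01T10:01:30 sshd[817]: Failed password for admin from 192.0.2.77 port 39004 ssh2
2024-05-01T10:02:05 sshd[818]: Failed password for admin from 192.0.2.10 port 40150 ssh2
"""
FAILED = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse_failures(text):
    """Return (timestamp, username, source_ip) for every failed login line."""
    hits = (FAILED.match(line) for line in text.splitlines())
    return [(datetime.fromisoformat(m[1]), m[2], m[3]) for m in hits if m]

def per_ip_offenders(events, limit=5):
    """Classic lockout view: source IPs with at least `limit` failures."""
    counts = Counter(ip for _, _, ip in events)
    return {ip for ip, n in counts.items() if n >= limit}

def distributed_targets(events, min_ips=4, window=timedelta(minutes=10)):
    """Accounts with failures from at least `min_ips` distinct sources in one window."""
    by_user = defaultdict(list)
    for ts, user, ip in sorted(events):
        by_user[user].append((ts, ip))
    flagged = defaultdict(set)
    for user, evs in by_user.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the window forward
                start += 1
            ips = {ip for _, ip in evs[start:end + 1]}
            if len(ips) >= min_ips:
                flagged[user] |= ips
    return {user: sorted(ips) for user, ips in flagged.items()}

if __name__ == "__main__":
    events = parse_failures(SAMPLE_LOG)
    print(per_ip_offenders(events), distributed_targets(events))
```

On the sample, the per-IP check flags nothing, while the per-account check flags `admin` with five source addresses; the single mistyped password for `alice` is ignored.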

How to protect yourself from botnets

The best precautions to take to protect yourself from botnets include regular updates of your software, frequently changing your passwords and ensuring the passwords you create are strong (not predictable or used for any other logins). Implementing security measures such as antivirus software and firewalls can also help prevent your devices from being infected.

How to get into Cyber Security

Completing practical, hands-on training in cyber security is a great way to get a foothold in the industry. Whether you’re already an IT professional seeking to upskill, or keen to launch a tech career from scratch, ensuring you have all the fundamental skills under your belt is a must. 

Our Cyber Security Engineering: Transform course will give you the technical skills and strategic mindset that today’s Cyber Security Professional needs, taking you from beginner to job-ready and also offering access to a Career Support Program that helps 97% of graduates move straight into the industry.

If you have any questions, our experienced team is here to discuss your training options. Speak to a course advisor today and take the first steps in your Cyber Security journey.