Not long ago, botnets used to hit the headlines in the cybersecurity realm. These days, it seems that many people had forgotten about them until recently. This might be attributed to more prominent concerns in computer security such as ransomware, data breaches and leaks. Also, the latter have immediate effects, while the effects of botnets take a while to show up. Recently, multiple law enforcement agencies announced that they had shut down one of the most prevalent and damaging botnets. The Andromeda botnet was first spotted in 2011. It's known as Andromeda because it's a constellation of millions of interconnected computers and computing devices, much like the Andromeda galaxy.
What’s a botnet?
The word botnet is a combination of, and derived from, two words: robot and network. Botnets are a particular type of malware (trojans and viruses) which, when they infect a computing machine, turn that machine into a zombie. That is, they control it: they harness its computing power and resources to perform other cybercriminal activities. The attacker can control the machine remotely without being detected. Hence, the infected machines turn into robots (bots) that are connected to a certain network (net) and controlled remotely. An attacker will occasionally control one machine which will, in turn, control the rest, and the chain continues on to new infections.
Impact of botnets
The most notable impacts of botnets are the delivery of large-scale spam campaigns, malware and, above all, Distributed Denial of Service (DDoS) attacks. Botnets are usually used to deliver other harmful cybercriminal attacks, and they might not directly affect the user, since the criminals' aim is to control the machines. One may only notice that the machine has become slower or unresponsive, or is unable to access some functionality. In other cases, a cybercriminal may run the botnet as a for-profit business: renting out part of his/her botnet to other cybercriminals for delivering their spam campaigns and other internet-related attacks. Sometimes the botnet is sold outright.
What lets botnets remain low-key is that they serve a larger purpose rather than affecting a particular user at a particular stage. The infection goes undetected, but the results are devastating. There's no way to know that your computer or router is helping cybercriminals with a certain job. This can also be attributed to fast computers and large bandwidth: you might not notice that something is using up your resources. What's more threatening is that, as noted earlier, botnets are no longer limited to computers; they are now taking advantage of anything with computing power that can be connected to a network. That is, botnets are increasingly swarming into unsuspecting technology, the Internet of Things. In IoT devices, botnets are a menace as they are even harder to detect. For instance, the Mirai botnet knocked out the internet in some parts of the world. The Mirai botnet used the Internet of Things to deliver that devastating attack in the course of last year.
Malwarebytes, a cybersecurity firm, detected over 7,000 botnets from 2016 to November 2017. Although this year saw a reduction in botnets, things are expected to get worse in 2018, and botnets will continue to thrive. “Botnets really have been around as long as we’ve done things purposefully online,” says David Emm, a principal security researcher at Kaspersky Lab. “If we’re banking online, shopping online, these are all activities people can subvert.” At the moment attackers are motivated by money, and this motive makes cybersecurity a big challenge: it has made the threats involved evolve, such as using botnets to make money.
The decrease in botnet numbers may be a result of the fact that they can be traced to their original owner. No one wants to be behind bars, and this is the reason why there might be only one large-scale worldwide botnet. The bigger the botnet, the bigger the achievements, but also the greater the risk involved, because as the botnet moves across the internet it leaves more digital footprints which can be traced back to the owner. “We do see a lot of communication from the creators of these sorts of infrastructure where they’re pushing heavy terms of use,” says Jens Monrad, a senior analyst at FireEye. “So that could be saying you’re not allowed to infect specific victims or countries because that will put pressure on the creators. Typically, we see that there is a lot of things from a cybercriminal perspective that you have to accept to use the infrastructure.” Despite this, attackers can take special measures to prevent their actions from being traced back to them. Even if arrests are made and the botnet is not shut down, another cybercriminal might pick it up and continue to use it for various tasks.
To shut down and eventually stop a botnet, law enforcers use a process known as sinkholing. In this process, the officers seize the domains the infected machines report to, let the bots' traffic drop into servers they control, and trace the origin of the infections. Sometimes the takedown does not cover everything, and that's why you might notice old botnet families booting up again.
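As an added illustration of the sinkholing step above (example code, not part of the original article): once the seized domains resolve to a server the investigators control, its request log is what lets them enumerate the infected machines and separate genuine bot check-ins from unrelated scanners. All domains, addresses and log lines below are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed: hypothetical botnet domains, assumed seized and pointed at a
# server the investigators control (the sinkhole).
SEIZED_DOMAINS = {"update-check.example", "cdn-sync.example"}

# Constructed sinkhole log, one request per line:
# <utc-timestamp> <source-ip> <requested-host> <path>
SINKHOLE_LOG = """\
2017-12-05T10:01:02Z 198.51.100.7 update-check.example /gate.php
2017-12-05T10:01:09Z 198.51.100.23 cdn-sync.example /gate.php
2017-12-05T10:02:30Z 198.51.100.7 update-check.example /gate.php
2017-12-05T10:03:00Z 192.0.2.99 203.0.113.10 /
2017-12-05T10:04:11Z 198.51.100.54 update-check.example /gate.php
"""

def parse_line(line):
    """Split one constructed log line into its four fields."""
    ts, src, host, path = line.split()
    return {"ts": ts, "src": ipaddress.ip_address(src), "host": host, "path": path}

def triage(log_text, seized=SEIZED_DOMAINS):
    """Map each seized domain to the source IPs that called home to it.

    Requests that name no seized domain (e.g. scanners hitting the sinkhole
    address directly) are not bots and are returned separately as noise.
    """
    infected = defaultdict(set)
    noise = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec["host"] in seized:
            infected[rec["host"]].add(rec["src"])
        else:
            noise.append(rec)
    return infected, noise

def infected_hosts(log_text, seized=SEIZED_DOMAINS):
    """Unique infected addresses, sorted numerically, for victim notification."""
    infected, _ = triage(log_text, seized)
    return [str(ip) for ip in sorted(set().union(*infected.values()))]

def victims_per_domain(log_text, seized=SEIZED_DOMAINS):
    """Distinct infected hosts per seized domain: the botnet's measured size."""
    infected, _ = triage(log_text, seized)
    return {domain: len(ips) for domain, ips in infected.items()}
```

Repeated check-ins from the same address count once, which is why the distinct-host count, not the raw request count, is the botnet's size.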
How to avoid botnets
Since it's hard to detect botnets on a system, the best approach is to avoid them. To do that, one needs to take the general internet security advice seriously. That is, update all your devices and their software as soon as possible, and avoid activities that leak your credentials, such as clicking on dodgy links. If a device is connected to the internet and it's not being used for an internet-dependent function, turn it off. Lastly, if the devices you use, such as routers, come with a preset password, the first thing you should do is change it. You can also ask the manufacturer whether it can be updated.