Why we should keep an eye on a Botnet
Work hard in silence, let your Botnet make the noise.
Have you ever heard about a botnet? Do you know how it works, and why we should know about botnets? If you can’t answer any of these questions, you should be aware of them and ready to learn. So, let’s find out.
What is a Botnet?
A botnet is a collection of internet-connected devices, including personal computers, laptops, servers, mobile devices, and other Internet of Things (IoT) devices, which are compromised by thousands of pieces of malware. This interconnected network is used by a person known as the botmaster to spread attacks such as DDoS, phishing, email spam, brute-force attacks, and also malware. A botmaster is the person who controls and directs the botnet. It may be an individual, a cyber-criminal group, or a nation-state. The infected computers in a botnet are known as bots or sometimes zombies.
The attacker distributes malicious code and applications through links on websites across the internet. When a user clicks such a link or downloads what it points to, the user’s computer is infected and the malicious code is executed. Sometimes this is not a direct link but something attached to software the user downloaded.
The unfortunate fact is that users are totally unaware of a botnet infecting their system, because infected devices are controlled remotely by attackers who hide the malicious operation from users. In effect, a botnet hijacks your computer to do what the botmaster wants it to do.
How dangerous is a botnet?
Once the botnet’s owner is in control of your computer or server, they normally use the victim computers to distribute malware and for purposes such as:
- Distributed Denial of Service (DDoS) attacks
- Distributing large volumes of email spam
- Generating fake web traffic and slowing it down for financial purposes
- Conducting real-time brute-force attacks
- Replacing your browser with banner ads
- Spyware and pop-up ads
- Taking control of home surveillance cameras and gaining access
Real-world examples of botnet attacks
1. Mirai botnet
Botnet attacks can be devastating. In 2016 the Mirai botnet shut down a large portion of the internet, including Twitter, CNN, Netflix, and other networks and major sites, as well as major Russian banks and the entire country of Liberia. Mirai took advantage of unsecured internet devices such as security cameras and installed the malware on them.
2. Zeus — The Zeus malware was first detected in 2004, and it is one of the best-known and most widely spread pieces of malware in history. Zeus uses a Trojan horse program to infect vulnerable devices.
3. Methbot — According to the records of cybersecurity services company White Ops, this is an extensive cybercrime operation. In short, Methbot is a malicious ad-fraud botnet. The researchers recorded that Methbot generated between 3–5 million dollars of revenue per day.
How to prevent botnet attacks?
1. Update your remote firmware, system and operating system.
Botnets use unpatched vulnerabilities to spread malware, so keeping your systems updated is the first best practice against botnets. If you want, you can set up your operating system to install updates automatically.
2. Lock down access
Use a strong authentication method. Apply multi-factor and risk-based authentication, least privilege, and access-control best practices.
3. Don’t download attachments or click on links from email addresses that are unknown.
4. Use a firewall when you are browsing the internet.
5. Don’t visit banned sites or sites that are known distributors of malware.
6. Use advanced behavior analysis to detect unusual behavior in IoT traffic.
7. Secure boot.
8. Take cybersecurity professional advice and make the best security implementations.
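To illustrate the behavior-analysis advice in the list above, here is an added example (not part of the original article): it learns which destinations each IoT device normally talks to, then flags any device that suddenly contacts many unfamiliar hosts within one time window. The record format `timestamp source destination port`, the thresholds, and all addresses are assumptions constructed for the example.

```python
from collections import defaultdict

WINDOW = 60          # seconds per analysis window (assumed value)
MAX_NEW_PEERS = 10   # unfamiliar destinations tolerated per window (assumed value)

def parse(lines):
    """Yield (ts, src, dst, port) from 'ts src dst port' records, skipping bad lines."""
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit() or not parts[3].isdigit():
            continue
        yield int(parts[0]), parts[1], parts[2], int(parts[3])

def learn_baseline(lines):
    """Map each device to the (dst, port) peers seen during a known-good period."""
    peers = defaultdict(set)
    for _, src, dst, port in parse(lines):
        peers[src].add((dst, port))
    return peers

def detect(lines, baseline):
    """Return sorted (device, window_start, new_peer_count) for windows over the limit."""
    new = defaultdict(set)
    for ts, src, dst, port in parse(lines):
        if (dst, port) not in baseline.get(src, set()):
            new[(src, ts - ts % WINDOW)].add((dst, port))
    return sorted((s, w, len(p)) for (s, w), p in new.items()
                  if len(p) > MAX_NEW_PEERS)

# Constructed sample data using documentation address ranges, not real traffic.
# Known-good period: a camera and a sensor each talk to one cloud endpoint.
BASELINE = ["%d 192.168.1.50 198.51.100.10 443" % t for t in range(0, 600, 30)]
BASELINE += ["%d 192.168.1.60 198.51.100.20 8883" % t for t in range(0, 600, 20)]
# Live period: the sensor behaves as before ...
LIVE = ["%d 192.168.1.60 198.51.100.20 8883" % t for t in range(1200, 1260, 20)]
# ... while the camera reaches 40 unfamiliar hosts on TCP port 23 within a minute.
LIVE += ["%d 192.168.1.50 203.0.113.%d 23" % (1200 + i, i + 1) for i in range(40)]
LIVE.append("garbage line")  # malformed record, ignored by parse()

if __name__ == "__main__":
    for device, start, count in detect(LIVE, learn_baseline(BASELINE)):
        print(f"ALERT {device}: {count} new destinations in window starting {start}")
```

IoT devices usually talk to a small, stable set of servers, which is why a per-device baseline gives a clearer signal here than it would for a laptop or phone.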
Written By/Sudeepa Shiranthaka -2rd Year 2nd Semester -Cyber Security Student SLIIT