What are Botnets?
The term “botnet” is a portmanteau of the words “robot” and “network.” Botnets are networks of hijacked computer devices used by cyberattackers to carry out their cyberattacks. A botnet is controlled by a “bot herder” who operates the botnet infrastructure and uses the hijacked computers to launch cyberattacks that are designed to crash a target’s network, inject malware, harvest credentials, or to execute other intensive computer-related tasks. Each individual device within the botnet network is referred to as a “zombie computer” or “bot.” These botnet devices operate under the commands of the bot herder, and without the consent of the device owners. Botnets are developed in the following stages:
- Exposure. The cyberattacker finds a vulnerability in a website, application, or user behavior, and then exposes users to a malware infection. Cyberattackers may also exploit security issues in software or websites, or may deliver malware infections through emails, drive-by downloads, or trojan horse downloads. Bot herders intend for users to remain unaware of the malware infection
- Infection. The malware infection takes control of victim’s devices, allowing cyberattackers to create zombie devices using techniques such as exploit kits, web downloads, popup ads, and email attachments.
- Activation. Once the bot herder has acquired a sufficient number of bots, these zombie devices will proceed to download the latest updates and will proceed with its malicious instructions. The bot herder can continue to manage and expand the botnet to control thousands, tens of thousands, or even millions of devices, in order to carry out expansive malicious attacks.
Cyberattacks that botnets can execute include:
Phishing. Botnets can be used to distribute malware via phishing emails.
Distributed denial-of-service (DDoS). DDoS cyberattacks are malicious attempts to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of internet traffic from the botnet.
Spambots. Spambots use contact lists or guestbook pages to collect email addresses, or they may post promotional content in forums or in comments that drive traffic to malicious websites. Over 80% of spam is though to come from botnets.
The following types of devices can be vulnerable to a botnet:
Traditional computers. Desktops and laptops running on Windows OS or macOS are popular targets for botnets.
Mobile devices. Smartphones and tablets have been used in botnet cyberattacks.
Internet of Things (IoT) devices. IoT devices that are connected and share data between each other via the internet can be corrupted to create massive botnets. Some examples of IoT devices include wearables and smart home devices.