What are botnets? How do they work?
Over the last few years, malicious code, commonly known as malware, has been around in some form or other. Hackers have been breaking into computers over the Internet to leak sensitive information. The world has now been introduced to the concept of botnets, which have caused several security issues.
What exactly are Botnets?
Botnets are groups of internet-connected devices that have been infected with malware so that an attacker can take control of them. They are like worms. A botnet can be a combination of devices running different operating systems. Devices such as cheap webcams and video recorders have few security settings, so hackers find it easy to take over such devices in no time and build huge botnets.
What are Botnets used for?
Botnets are commonly used in DDoS (Distributed Denial of Service) attacks. With the collective computing power of the infected systems, botnets are highly capable of stealing sensitive information, propagating malware, disrupting the internet, sending spam and spying on individuals or organizations. Cyber criminals, or botmasters as they are called, do not build these botnets only to compromise an individual computer. Botnets are designed to infect millions of devices and bring a large network down. Some botnets can self-propagate, finding and infecting devices automatically. They constantly search for vulnerable internet-connected devices that lack operating system updates, antivirus or security settings.
Botnets are also used to commit click fraud, a scheme to fool advertisers into thinking that people are clicking on their advertisements. Botnets spread through downloaded attachments and links. Malicious software can be bundled with illegal software or media downloads. When a user clicks a link on an infected site, the botnet software is downloaded and installed on the user's system. Botnets can send spam messages to a million devices in a short period of time. Botnets destroy a large amount of data in the host system. Smart botnets are capable of going offline for a period and coming back when the targets are not suspecting.
The Mirai botnet was responsible for bringing down a large amount of internet traffic and has been said to be the largest of its kind in history. The servers of the company that controls the internet's DNS infrastructure were affected by this botnet. It brought down critical sites including Twitter, Netflix, CNN and many others in the US and Europe. The internet outage was caused by a DDoS attack. Unlike other botnets built to date by infecting many computers, this one was largely made up of Internet of Things (IoT) devices like digital cameras and DVD players. The Mirai botnet mainly targeted devices with weak or default passwords. Akamai has reported that Mirai is still around, with two DDoS attacks of more than 100 Gbps.
A new botnet called Reaper has now been discovered, which is said to be infecting IoT devices at a much faster pace than Mirai did. This botnet has the capability to bring the entire internet down. Reaper has been known to affect D-Link, Netgear, and Linksys devices.
Botnet detection is not an easy task, as botnets are capable of lying dormant for a while and coming back when the botmaster programs them to. Botnets try to disguise their origins. In most cases, the owners do not know that their systems have been infected and have become part of a botnet.
The easiest way for a user to find out whether a computer system has been affected is to use an anti-malware product. The user can also look at the processes that are running and the programs that are installed. These might reveal the presence of a botnet infection. But in most cases, detection is not so simple.
As we all know, prevention is better than cure. Users can prevent their systems from getting infected by following some steps. These can be implemented at an individual user level and at a network level as well.
- Install anti-virus/anti-spam software and keep it updated regularly.
- Turn ON the Firewall settings and restrict unwanted access.
- Make sure that the OS is updated from time to time.
- Do not download illegal material such as pirated music, games, files, etc. from the internet.
- Do not click on attachments or links from unknown email messages.
- Have Firewall, IDS/IPS systems, and content filtering in place.
- Monitor for unusual increases in traffic.
- Have DDoS protection in place.
- If individual user systems are suspected of being infected by a botnet, try to remove the malware immediately. If this is not done in time, the other systems in the network might get infected as well.
- Make sure that all individuals in the company keep their systems updated with the latest software.
- Monitor firewall logs to identify botnet command and control centers.
- If any infection has been identified, notify the anti-virus vendors immediately.
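The two monitoring steps above (watching for unusual increases in traffic and reviewing firewall logs for command and control destinations) can be sketched as follows. This is an added example, not part of the original article; the key=value log format, the thresholds, the list of "usual" ports and all addresses are assumptions, and the log lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Hypothetical key=value firewall log format (an assumption, not a real product's).
LINE = re.compile(r"hour=(\d+) action=(\w+) src=(\S+) dst=(\S+) dport=(\d+)")

def build_sample():
    """Constructed log lines using documentation/private IP ranges."""
    lines = []
    for hour in range(4):
        for host in ("10.0.0.5", "10.0.0.6", "10.0.0.7", "10.0.0.8"):
            # Normal activity: 5 HTTPS connections per host per hour.
            lines += [f"hour={hour} action=allow src={host} dst=198.51.100.10 dport=443"] * 5
        for host in ("10.0.0.5", "10.0.0.6", "10.0.0.7"):
            # Three hosts check in with the same destination on an unusual port.
            lines.append(f"hour={hour} action=allow src={host} dst=192.0.2.66 dport=6667")
    # In the last hour one host suddenly opens 200 outbound connections.
    lines += ["hour=3 action=allow src=10.0.0.7 dst=203.0.113.80 dport=80"] * 200
    return lines

def parse(lines):
    """Return (hour, src, dst, dport) for allowed connections; skip other lines."""
    events = []
    for line in lines:
        m = LINE.search(line)
        if m and m.group(2) == "allow":
            events.append((int(m.group(1)), m.group(3), m.group(4), int(m.group(5))))
    return events

def traffic_spikes(events, factor=5):
    """Hosts whose latest-hour connection count exceeds factor x their earlier hourly mean."""
    if not events:
        return {}
    per_host = defaultdict(Counter)
    for hour, src, _, _ in events:
        per_host[src][hour] += 1
    last = max(h for h, *_ in events)
    flagged = {}
    for src, hours in per_host.items():
        earlier = [hours[h] for h in range(last)]
        baseline = sum(earlier) / len(earlier) if earlier else 0
        if baseline and hours[last] > factor * baseline:
            flagged[src] = (hours[last], baseline)
    return flagged

def candidate_c2(events, usual_ports=(53, 80, 443), min_hosts=3):
    """Destinations on unusual ports contacted by several distinct internal hosts."""
    hosts = defaultdict(set)
    for _, src, dst, dport in events:
        if dport not in usual_ports:
            hosts[(dst, dport)].add(src)
    return {dest: sorted(s) for dest, s in hosts.items() if len(s) >= min_hosts}

if __name__ == "__main__":
    ev = parse(build_sample())
    print("spikes:", traffic_spikes(ev))
    print("candidate C2:", candidate_c2(ev))
```

Both checks are heuristics that produce leads for investigation: a flagged host or destination still needs to be confirmed against what is normal for the network.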
Take away points
Running anti-malware software on user systems is the basic way to prevent botnet attacks. The most effective way to fight botnets is to be vigilant and be aware of this threat. Keep your systems updated. Help your coworkers to understand the effects of a botnet attack. Make sure you stay away from clicking on unknown email links and attachments. We need to help everyone realize that if one computer gets infected, it might cause harm to the entire network.
With the growth of the IoT and more technological advancements, the potential of such botnet attacks and their power also increases. Taking preventive action will protect us, our company network, our identity, devices, and data.