Botnets: What are they, how are they evolving, and how can you avoid them?
You wouldn’t want to be transformed into a zombie, robotically commanded by someone else’s will for their nefarious purposes. And you wouldn’t want your computer (or your home security camera or router) to be zombified either. But that’s what botnets aim to do, and the worst of them have hijacked millions of devices just like yours. What are botnets? How do they work? When someone hijacks your computer, what do they do with it? And how can you keep it from happening to you?
Let’s start with a definition. A botnet is a collection of devices that have been compromised by malware, which forces them to take directions from an outside command-and-control system. Once compromised, the devices continually listen for messages from whoever is operating this command-and-control system, following its instructions on what to do, and when to do it.
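Because a compromised device keeps polling its command-and-control server, the traffic it generates tends to recur at a nearly constant interval. The following script is an added example (it is not code from the original article or from Sophos) that flags such periodic "beaconing" in a simple flow log. The log format (`timestamp src dst:port`) and the sample lines are constructed for the example; the thresholds are assumptions to tune for a real network.

```python
"""Spot periodic command-and-control beaconing in connection logs.

Added example, not part of the original article. It assumes a plain
'timestamp src dst:port' flow log (constructed below) and flags outbound
connections that recur at a near-constant interval, the pattern a
compromised host leaves when it polls its command-and-control server.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: 10.0.0.5 polls 203.0.113.10:443 roughly every 60 s
# (with small jitter), while 10.0.0.7 browses at irregular intervals.
SAMPLE_LOG = """\
1700000000 10.0.0.5 203.0.113.10:443
1700000030 10.0.0.7 198.51.100.20:443
1700000061 10.0.0.5 203.0.113.10:443
1700000077 10.0.0.7 198.51.100.21:80
1700000119 10.0.0.5 203.0.113.10:443
1700000180 10.0.0.5 203.0.113.10:443
1700000182 10.0.0.7 198.51.100.20:443
1700000240 10.0.0.5 203.0.113.10:443
1700000299 10.0.0.5 203.0.113.10:443
1700000360 10.0.0.5 203.0.113.10:443
1700000450 10.0.0.7 198.51.100.22:443
"""


def parse_log(text):
    """Group connection timestamps by (source, destination) pair."""
    flows = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, dst = line.split()
        flows[(src, dst)].append(int(ts))
    return flows


def beacon_candidates(flows, min_connections=5, max_jitter=0.1):
    """Return pairs whose connection gaps are suspiciously regular.

    Regularity is measured as the coefficient of variation of the gaps
    (standard deviation divided by mean); a value near 0 means the host
    reconnects like clockwork. Both thresholds are assumed starting points.
    """
    hits = []
    for (src, dst), times in flows.items():
        if len(times) < min_connections:
            continue
        times = sorted(times)
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            hits.append({
                "src": src,
                "dst": dst,
                "connections": len(times),
                "interval_s": round(avg, 1),
                "jitter": round(jitter, 3),
            })
    return hits


if __name__ == "__main__":
    for hit in beacon_candidates(parse_log(SAMPLE_LOG)):
        print(f"{hit['src']} -> {hit['dst']}: {hit['connections']} connections "
              f"every ~{hit['interval_s']}s (jitter {hit['jitter']})")
```

The output is a list of candidates for triage, not verdicts: legitimate software such as NTP clients, update checkers and monitoring agents also beacon on a fixed schedule, so each hit needs to be matched against what the host is expected to run before it is treated as a compromise.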
Why botnets are useful – to the bad guys
What might cybercriminals do with a botnet? Often, they perform Distributed Denial of Service (DDoS) attacks, in which all the devices on the botnet are told to attempt communication with the same website – thus overloading it, so it can’t handle legitimate visitors or applications.
For example, in late 2016, the “Mirai” botnet, built out of 300,000-plus gadgets such as wireless cameras, routers, and digital video recorders, was unleashed against a variety of targets, including internationally renowned security researcher Brian Krebs. The botnet’s authors, fearing exposure, soon released their code to the world – and someone else adapted it to deliver even larger attacks, including one that seriously damaged internet performance throughout the east coast of the U.S. and disrupted sites ranging from Netflix and Amazon to Reddit and The New York Times. (The trio of hackers behind Mirai recently pleaded guilty in federal court, getting extremely light sentences in exchange for agreeing to work with the FBI on cybersecurity matters.)
DDoS attacks aren’t all that botnets can be made to do. For example, some have been enlisted to commit ad fraud. Their zombie devices are told to click on ads at websites owned by the fraudsters – who then collect money from advertisers and ad networks that believe the clicks are coming from real humans. Other botnets have been used to pour spam emails into millions of inboxes worldwide.
The new botnet use: crypto mining
More recently, botnets have been used to capture devices’ processing power in order to mine cryptocurrencies like Monero. Of course, the profits go to the botnet owner, not the individuals whose devices are doing the hard work.
And some botnets have been made available for rent – ready and waiting for creative new forms of crime and malevolence.
What’s next for botnets? Cybercriminals seem to be experimenting with artificial intelligence techniques for building botnet swarms: self-organizing systems that learn on their own and can collectively identify and pursue the most effective ways to attack a victim even without direction from a command-and-control system.
Patch early, patch often, patch always
Botnets have often relied on security flaws that have been widely recognized for years, but haven’t been universally patched. That’s one reason it’s so important to keep your systems up to date. (It also explains why older routers, webcams, and other Internet of Things devices are so vulnerable to hijacking: they’re often difficult or impossible to patch.)
Sometimes, the malware that recruits devices into botnets arrives as an unexpected email attachment, or is installed from a compromised website, so you should be careful online – and use advanced anti-malware software like Sophos Home Premium, which remains vigilant when you aren’t, and recognizes potential system compromises when you can’t.