What is a Botnet?
Botnet, short for “robot network“, is a network with a series of compromised computers controlled by a bot herder. Bots are programs that run automated scripts over a network, while a bot herder is a hacker who controls and maintains the botnet. The most common purpose of assembling a botnet is to perform mass attacks such as data theft and malware distribution.
How does Botnet work?
Here are the stages of how cyber criminals use botnets;
Stage 1: Exploit to expose
Exposure starts with a hacker finding a security issue in a website, application, or human behavior. The goal is to make sure that users become unknowingly exposed to malware. Hackers will most commonly exploit security issues in software, online platforms, or use social engineering to deliver malware through emails and other online messages.
Stage 2: Infect
This stage begins when the user gets infected with the botnet malware. The infection can happen if the user takes a particular action, such as downloading a special Trojan virus or visiting an infected site. Regardless of how it happens, cyber criminals end up compromising several users’ computers.
Stage 3: Activate and initiate
Once cyber criminals or hackers have gained access to your computer, they can use it to control other computers and steal information. The cybercriminal organises all of the infected computers and mobile devices into a network of “bots” that they can remotely manage. They can then act as the boss of a large “zombie network” (i.e. a fully assembled and active botnet).
What does Botnet do to your computer/device?
Once the computer or device is infected, a zombie computer allows users to perform admin-level operations. Such as;
- Remotely running and installing any applications without the owner’s consent.
- Reading, copying, and writing user’s system data
- Gain access to the user’s personal and private data
- Sending user’s private/important data
- Monitor the user’s activities
- Searching for vulnerabilities to access users’ other devices or contact connections.
Types of Botnet attack schemes
An active botnet can be used to carry out secondary attacks on other users and organisations by themselves or with the help of other malicious programs. Some common botnet scams include:
Phishing is an attempt to trick people by impersonating someone you trust in order to get you to share valuable information. Phishing consists of unsolicited emails containing links to fake websites that are meant to trick you into sharing your personal information.
Brute force attacks are programs that run in an attempt to breach web accounts by guessing the passwords. Dictionary attacks involve running lists of words and their possible variations in order to access user accounts while credential stuffing involves taking advantage of weak user passwords to access their data.
A DDoS (Distributed-Denial-of-Service) attack is an attempt to overload a server with web traffic, causing it to crash. Attackers have taken over a zombie computer and made it join a botnet, which can then be used against a website or other online service.
Cybercriminals and Botnet
Cybercriminals often sell access to large networks of zombie machines. The buyers are usually other cybercriminals who use the zombie machines for their own purposes, such as sending spam emails. Hackers, such as spammers, might rent or buy this network to operate a mass spam campaign.
List of Botnet cybercrimes
Stealing financial account information such as Credit card information, digital wallet access, or other finance and payment information.
The EarthLink spammer botnet case was the first botnet to gain public notoriety due to a spammer botnet built by a cybercriminal known as Khan K. The cybercriminal gained access to EarthLink ISP company and used its network access to operate its spammer botnet. The cybercriminal succeeded in sending 1.25 million phishing emails in a little over a year. The scam was masked as communications from EarthLink’s legitimate website, and it was hoped that victims would provide sensitive information like credit card numbers or downloaded viruses. Eventually, EarthLink sued Smith for $25 million for sending spam through their network.
Information and identity theft
Information theft is when cybercriminals attempt to access confidential and private accounts. The goal behind this type of cybercrime is to steal your personal information and use it to impersonate you and / or gain information about somebody else.
The Storm was a peer-to-peer botnet, it was controlled by several different servers masquerading as the owner of their victim through infected devices/computers to gain more victims. The network spanned 250,000 to 1 million infected computers, which could be rented out to criminals willing to pay for them on the dark web. This made it possible for the Storm botnet to participate in various criminal activities, including distributed denial-of-service (DDoS) attacks and mainly identity theft.
Many of its servers were shut down in 2008, and today, it is thought to be inactive. The following image shows the Storm Botnet lifecycle.
Cyber sabotage is the action of using technology to disrupt computer systems of an organisation in order to cause damage and loss of data or to gain access to sensitive information. There are various reasons why Cybercriminals want to gain access to sensitive information:
- The information will give them a strategic advantage for other crimes
- To steal the organisation’s identity and impose as the organisation to gain more victims
- Sell the organisation’s information on the dark web
In 2015, an advertising fraud operation called Methbot successfully cyber-sabotaged 2 global internet registries and associated them with US-based internet service providers. The Methbot cybercriminal operators created 6,000+ domains and 250,267 distinct URLs, making them appear to belong to real big-name publishers. These sites could be hosted on the page only by a video ad. To trick algorithms searching for the most profitable ad space, they made fake domain registrations to look as if established publishers owned those sites. Once their bogus websites were sold for ads, the auction took place in milliseconds.
As reported by Human Security, internet advertisers projected roughly $7.2 billion loss to bots.
Scammers often try to get you to give up your private information or trick its victim into sending cryptocurrency to a compromised digital wallet.
Smominru is a botnet well-known for Cryptojacking. It has been spreading since May 2017, infecting over half a million Windows computers and earning its operators millions of dollars through Monero (XMR) cryptocurrency. The Smomiru botnet has infected and gained control of 526,000 Windows computers and has earned its operators nearly $3 million through the Monero (XMR) since it was first discovered in 2017. The following image from Proofpoint research shows a Smominru cryptojacking botnet scamming its victim;
According to security researchers at Proofpoint, the botnet uses the EternalBlue exploit to spread across networks via Microsoft’s Server Message Block (SMB) protocol. EternalBlue is an exploit that targets a vulnerability in SMB v1. 0 protocol. This exploit and others like it are often used by malware to spread itself across a network. It was used in various attacks, including the WannaCry ransomware outbreak that impacted hundreds of thousands of computers worldwide.
How to avoid being a victim of a Botnet
There are a variety of different steps you can take to help protect yourself from botnet malware. Some steps include software protections and others include small adjustments you can make to your computer habits.
Here are some tips that may help you to stay safe browsing and avoid Botnet attacks;
- Update the admin settings and passwords on all your devices. Check all possible privacy and security options on any device that connects to the internet or other devices. Even smart refrigerators and Bluetooth-equipped vehicles have default manufacturer passwords to access their software systems. Without updates to custom login credentials, hackers can breach and infect each of your connected devices.
- Be careful when you click links in any message you receive. Texts, emails, and social media messages can all be vehicles for botnet malware. Also make sure to manually type the link into your address bar and search for an official version before clicking on it.
- To help prevent botnets from hijacking your devices, be sure to protect each of your devices with a security solution. For example, installing an antivirus software suite that covers all your devices, including Android phones and tablets.
- Be sure to create strong passwords or passphrases for all your smart devices. It’s better to have a longer, more complex password than one that’s short and not complicated. For example, a password like “pass12345” is easier to guess than “ThisisMystr0ngP@sswprd!%.”
- Don’t download any attachments you receive in an email, unless you know the sender personally and trust that their message is legitimate. Also, use antivirus software to scan the attachment for viruses before downloading it.