What is a Botnet?
A botnet is a network of malware-infected computers that a hacker or threat actor controls remotely to carry out cyber attacks such as Distributed Denial of Service (DDoS) or spam campaigns. It can also give the operator access to stolen personal account credentials or other sensitive information, and can even be used as a weapon in ransomware attacks.
It’s a growing problem, especially as more devices come onto the market that are inherently vulnerable due to poor security design. By enslaving tens or hundreds of thousands of devices, a cyber attacker can use a botnet to perform malicious tasks and wreak havoc on the internet.
Cybercriminals infect devices in several ways, such as exploiting security gaps in software and websites or embedding malware-laden links in phishing emails. Once a device has been infected, it begins to download and execute commands from the attack server. Typically, a botnet consumes a fraction of the device’s bandwidth to perform its duties. Excessive bandwidth consumption can be a red flag that your device has been infected and enlisted in a botnet.
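The bandwidth red flag described above can be checked per device against that device's own history. The following is an added example, not part of the original article: the device names, byte counts, and the thresholds (`baseline_len`, `sustained`, `k`) are constructed assumptions to be tuned for a real network.

```python
from statistics import median

# Constructed sample data: outbound bytes per 5-minute interval, per device.
SAMPLES = {
    "camera-01": [40000, 42000, 39000, 41000, 40500, 43000, 39500, 41500,
                  41000, 900000, 950000, 1000000, 980000],
    "laptop-07": [200000, 180000, 220000, 210000, 190000, 205000, 195000,
                  215000, 210000, 5000000, 200000, 190000, 205000],
    "thermostat-02": [1000, 1200],  # too little history to judge
}

def mad_threshold(baseline, k=6.0):
    """Upper limit = median + k * spread, using the median absolute deviation.

    The median/MAD pair is robust to a few noisy intervals in the baseline.
    """
    med = median(baseline)
    mad = median([abs(x - med) for x in baseline])
    # Floor the spread so a very flat baseline does not flag tiny changes.
    spread = max(mad, med / 10, 1.0)
    return med + k * spread

def flag_devices(samples, baseline_len=8, sustained=3, k=6.0):
    """Return {device: index of the first interval of a sustained excess}.

    A device is flagged only when `sustained` consecutive intervals exceed
    its own limit, so a single large upload is not reported.
    """
    flagged = {}
    for device, series in samples.items():
        if len(series) <= baseline_len:
            continue  # not enough history to build a baseline
        limit = mad_threshold(series[:baseline_len], k)
        run = 0
        for i in range(baseline_len, len(series)):
            run = run + 1 if series[i] > limit else 0
            if run >= sustained:
                flagged[device] = i - sustained + 1
                break
    return flagged

if __name__ == "__main__":
    for device, start in flag_devices(SAMPLES).items():
        print(f"{device}: sustained outbound excess starting at interval {start}")
```

A flagged device is a lead for investigation, not proof of infection; legitimate backups or updates can produce the same pattern.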
Botnets are primarily used for DDoS and spam attacks, but can also be deployed to steal passwords, steal data, perform brute-force attacks on logins, and even take control of devices that run on the power grid. Famous examples include the Mirai botnet, which infected Internet of Things devices and caused massive DDoS attacks and outages, and the Mariposa botnet, which stole personal account credentials for sale on the dark web.