What is a Botnet?
A botnet is a network of infected systems and devices – commonly referred to as zombies – that are remotely controlled by cybercriminals to perform various malicious tasks such as Distributed Denial of Service (DDoS), spam, cryptocurrency mining, click fraud, spyware, ransomware, and more. Threat actors often use remote administration tools (RATs) to control multiple systems. These rogue applications are typically installed without the victim’s knowledge or consent and allow attackers to perform activities such as form grabbing, keystroke logging, and data theft on a large scale. Botnets are frequently used to attack point-of-sale (PoS) systems. The ZeroAccess botnet, for example, abused infected machines to mine Bitcoin and engage in other activities such as stealing online credentials. Andromeda, 3ve, and Methbot are examples of recent P2P botnets that performed similar activities ranging from DDoS to click fraud, all for a fee or a cut of the profits.
These attacks can be motivated by any number of reasons, including revenge, financial gain, or a desire to harm a business’s reputation. While most botnets are created for one of these purposes, some are built simply for fun or to test their operators’ ability to infect large numbers of devices.
Many of the attacks conducted by a botnet involve exploiting vulnerabilities in unpatched software. As such, the best way to protect against these types of attacks is through good cybersecurity hygiene that includes hard-to-crack passwords, a robust security policy, and regular updates to all systems and devices that have access to the internet. This is particularly important for IoT devices, which are notoriously easy targets and have little or no security protections built in.