What is a Botnet?
A botnet is a large network of malware-infected devices that cybercriminals control remotely. Botnets are used to conduct a wide variety of attacks, including distributed denial of service (DDoS), ad fraud, cryptocurrency mining, and more. Devices that can be co-opted into botnets include traditional computers, mobile phones and tablets, Internet of Things (IoT) devices like routers, and even the hardware that enables or supports internet connections, such as networking routers.
Hackers are able to exploit these devices because of vulnerabilities in their software or lack of security features. Once a device is infected with botnet malware, it can be used for nefarious purposes, such as to conduct banking fraud, distribute ransomware, and disrupt services online. Bots are also used to perform tasks that are generally hidden from the device’s owner, such as clicking on ads and collecting payment information.
Bot-herders can operate botnets using centralized or peer-to-peer models. Centralized botnets use one command and control (C&C) server to communicate with all devices on the botnet. This makes them susceptible to a single point of failure, and therefore easier for system administrators and law enforcement to shut down by cutting off the head of the botnet’s hierarchy.
In peer-to-peer botnets, on the other hand, the infected devices communicate with each other through a P2P model, where each infected device acts as both a client and a server. This allows the bots to update and share commands with each other, which can make it harder to take down a whole botnet.
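The takedown contrast between the two models can be seen in a small graph simulation. This is an added example, not part of the original page; the network size, the ring-lattice peer layout and all function names are assumptions chosen for illustration.

```python
from collections import deque

C2 = "c2"  # label for the single command-and-control server (assumed name)

def centralized(n_bots):
    """Star topology: every bot talks only to the one C&C server."""
    graph = {C2: set(range(n_bots))}
    for bot in range(n_bots):
        graph[bot] = {C2}
    return graph

def peer_to_peer(n_bots, k=2):
    """Ring lattice (assumed layout): each bot peers with k bots on each side."""
    graph = {bot: set() for bot in range(n_bots)}
    for bot in range(n_bots):
        for step in range(1, k + 1):
            peer = (bot + step) % n_bots
            graph[bot].add(peer)
            graph[peer].add(bot)
    return graph

def takedown(graph, removed):
    """Return the topology after the given nodes are taken offline."""
    removed = set(removed)
    return {n: peers - removed for n, peers in graph.items() if n not in removed}

def bots_reached(graph, source):
    """Count bots that still receive a command entering the network at source."""
    if source not in graph:
        return 0  # the entry point itself is offline, so nothing propagates
    seen, queue = {source}, deque([source])
    while queue:
        for peer in graph[queue.popleft()]:
            if peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return len(seen - {C2})  # the C&C server is not a bot

if __name__ == "__main__":
    star, mesh = centralized(20), peer_to_peer(20)
    print("centralized, before takedown:", bots_reached(star, C2))
    print("centralized, C&C removed:   ", bots_reached(takedown(star, [C2]), C2))
    print("P2P, one peer removed:      ", bots_reached(takedown(mesh, [5]), 0))
    print("P2P, two peers removed:     ", bots_reached(takedown(mesh, [5, 6]), 0))
```

Removing the one C&C node cuts every bot off from commands, while removing individual peers from the P2P model leaves the surviving devices connected to each other.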