What is a Botnet?
A botnet is a network of computers and devices that have been infected with malware and are controlled remotely by an attacker to carry out malicious activity or cyber attacks. Attackers gain control of a device by exploiting vulnerabilities in software, websites, or even human behavior (for example, tricking a user into running a malicious attachment). Once they have a foothold on the device, often but not always with administrator-level privileges, they install botnet malware that connects back to the attacker's infrastructure and executes commands automatically.
Attackers use botnets to carry out a variety of automated attacks, such as distributed denial-of-service (DDoS), brute-force password guessing, and sending spam and phishing email. Botnets are also used to steal information from the infected hosts themselves, such as credit card numbers, bank account credentials, or confidential documents.
There are two main ways that attackers control a botnet: centralized and decentralized. In the centralized model, a single command and control (C&C) server communicates directly with every infected device in the botnet. Typical C&C channels include Internet Relay Chat (IRC), where bots join a chat channel and receive commands as ordinary messages (simple and low-bandwidth, but easy to spot because IRC is rare in legitimate enterprise traffic), and HTTP, where bots periodically poll a web server and the instructions are hidden inside what looks like normal web traffic.
More recently, some botnets have moved from the centralized model to a peer-to-peer (P2P) structure in which each infected machine acts as both a client and a server, relaying commands to its peers. With no single C&C server to seize or sinkhole, P2P botnets are harder to take down and more resilient.
Internet of Things (IoT) devices such as smart home appliances and security cameras are a common home for botnet malware, in both centralized and P2P designs. Infections on these devices can be difficult to detect because they run stripped-down embedded operating systems with no user interface, antivirus, or web browser that would raise an alarm, so the owner rarely sees anything wrong. However, good ingress and egress filtering at the network border (for example, letting IoT devices reach only the ports and hosts they actually need, and logging everything else) can catch bot traffic as it enters your network or as it leaves to contact a C&C server or attack other networks.
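The C&C patterns described above (IRC fan-in to one external host, HTTP beaconing at a fixed interval) and the egress allow-list for an IoT segment can be checked against flow or firewall logs. The script below is an added example, not code from the original article: the flow records are constructed sample data, and the IoT subnet prefix, the egress allow-list, the IRC ports, and the detection thresholds are assumptions you would replace with your own policy.

```python
"""Added example: spotting botnet C&C traffic in flow records and applying
a simple egress allow-list for an IoT subnet. Sample data is constructed."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (timestamp_sec, src_ip, dst_ip, dst_port, proto)
FLOWS = [
    # Three IoT-subnet hosts all contacting the same external host on 6667 (IRC)
    (0, "10.0.50.11", "203.0.113.7", 6667, "tcp"),
    (5, "10.0.50.12", "203.0.113.7", 6667, "tcp"),
    (9, "10.0.50.13", "203.0.113.7", 6667, "tcp"),
    # One host polling a web server roughly every 60 s with almost no jitter
    (0, "10.0.50.20", "198.51.100.9", 80, "tcp"),
    (60, "10.0.50.20", "198.51.100.9", 80, "tcp"),
    (121, "10.0.50.20", "198.51.100.9", 80, "tcp"),
    (180, "10.0.50.20", "198.51.100.9", 80, "tcp"),
    (241, "10.0.50.20", "198.51.100.9", 80, "tcp"),
    # Normal-looking HTTPS to varied hosts at irregular times
    (3, "10.0.50.30", "192.0.2.10", 443, "tcp"),
    (47, "10.0.50.30", "192.0.2.11", 443, "tcp"),
    (310, "10.0.50.30", "192.0.2.12", 443, "tcp"),
    # NTP, which the IoT policy permits
    (12, "10.0.50.11", "192.0.2.100", 123, "udp"),
]

# Assumed IoT VLAN and egress policy: only these (proto, port) pairs may leave it
IOT_PREFIX = "10.0.50."
IOT_EGRESS_ALLOW = {("tcp", 443), ("udp", 123), ("udp", 53)}
# Assumed IRC ports worth flagging (plain and TLS)
IRC_PORTS = {6667, 6697}


def egress_violations(flows):
    """Flows from the IoT subnet to a (proto, port) the egress policy does not allow."""
    hits = {(src, dst, port) for _, src, dst, port, proto in flows
            if src.startswith(IOT_PREFIX) and (proto, port) not in IOT_EGRESS_ALLOW}
    return sorted(hits)


def irc_fanin(flows, min_hosts=3):
    """External hosts reached on IRC ports by at least min_hosts internal sources.
    Many internal hosts joining one IRC server is the classic centralized C&C shape."""
    sources = defaultdict(set)
    for _, src, dst, port, _ in flows:
        if port in IRC_PORTS:
            sources[dst].add(src)
    return {dst: sorted(s) for dst, s in sources.items() if len(s) >= min_hosts}


def beacons(flows, min_flows=4, max_cv=0.1):
    """(src, dst, port) tuples whose connection intervals are nearly constant.
    A low coefficient of variation of the gaps means a timer, not a human."""
    times = defaultdict(list)
    for ts, src, dst, port, _ in flows:
        times[(src, dst, port)].append(ts)
    found = {}
    for key, ts in times.items():
        if len(ts) < min_flows:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        avg = mean(gaps)
        if avg == 0:  # duplicate timestamps; nothing to measure
            continue
        if pstdev(gaps) / avg <= max_cv:
            found[key] = round(avg)  # mean beacon interval in seconds
    return found


if __name__ == "__main__":
    print("egress violations:", egress_violations(FLOWS))
    print("IRC fan-in:", irc_fanin(FLOWS))
    print("beacons:", beacons(FLOWS))
```

On real data, feed the functions records from your flow exporter or firewall log instead of FLOWS; the egress check is the one that maps directly onto a border firewall rule, while the fan-in and beacon checks are hunting heuristics that need tuning against your baseline before they are alert-worthy.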