What is a Botnet?
A botnet is a network of compromised computers (PCs, servers, mobile devices and Internet of Things (IoT) devices) infected by malware and controlled remotely by a threat actor. Botnets can perform a wide range of illegal attacks, including click fraud and DDoS attacks.
Computers and IoT devices are infected with a piece of malware that monitors for instructions distributed by the botnet’s command and control (C2) architecture. These instructions can be delivered through a variety of means, including data posted on websites, social media channels, responses to DNS queries and more. When instructed, the malware will take specific actions, such as stealing credentials or sending phishing emails.
Cyberattacks are regularly making headlines in today’s digital environment, and a significant portion of these attacks are caused by botnets. This is because they are able to infect a large number of devices, from PCs and laptops to smartphones, DVRs, smartwatches and domestic appliances.
There are two main types of structures that bot-herders use to operate their networks: centralized and decentralized. Centralized botnets typically rely on one or more C2 servers to communicate with each infected device; the simplicity of this model makes it very susceptible to disruption via a single point of failure.
Decentralized botnets, on the other hand, utilize peer-to-peer communication and a distributed network of trusted machines to send commands to the bots. This model can be harder to disrupt, especially if the botnet’s master is located in a country where law enforcement may not have much ability or willingness to intervene.
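The difference in takedown resilience between the two structures can be shown with a small graph model. This is an added example, not code from the original page. The star and ring-lattice topologies, the node names and the rule that any peer can relay commands in the decentralized case are assumptions chosen for illustration.

```python
from collections import deque

def centralized(n_bots):
    """Star topology (assumed model): every bot talks only to one C2 server."""
    adj = {"c2": {f"bot{i}" for i in range(n_bots)}}
    adj.update({f"bot{i}": {"c2"} for i in range(n_bots)})
    return adj

def decentralized(n_bots, k=2):
    """Ring lattice (assumed model): each bot peers with its k nearest
    neighbours on each side."""
    adj = {f"bot{i}": set() for i in range(n_bots)}
    for i in range(n_bots):
        for step in range(1, k + 1):
            j = (i + step) % n_bots
            adj[f"bot{i}"].add(f"bot{j}")
            adj[f"bot{j}"].add(f"bot{i}")
    return adj

def reachable(adj, start, removed):
    """Breadth-first search over nodes that have not been taken down."""
    seen, queue = {start}, deque([start])
    while queue:
        for peer in adj[queue.popleft()]:
            if peer not in removed and peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return seen

def commandable_fraction(adj, sources, removed):
    """Largest share of all bots still reachable from a surviving command source."""
    total = sum(1 for n in adj if n.startswith("bot"))
    best, visited = 0, set()
    for src in sources:
        if src in removed or src in visited:
            continue
        component = reachable(adj, src, removed)
        visited |= component
        best = max(best, sum(1 for n in component if n.startswith("bot")))
    return best / total

if __name__ == "__main__":
    star, mesh = centralized(100), decentralized(100)
    # Centralized: the C2 server is the only command source.
    print("star, C2 removed:", commandable_fraction(star, {"c2"}, {"c2"}))
    # Decentralized: any peer is assumed able to relay commands.
    print("mesh, 1 peer removed:", commandable_fraction(mesh, set(mesh), {"bot0"}))
    cut = {"bot0", "bot1", "bot50", "bot51"}
    print("mesh, 4 chosen peers removed:", commandable_fraction(mesh, set(mesh), cut))
```

In this model, removing the single C2 server leaves no bot commandable, while the peer-to-peer mesh only splits once several specifically placed peers are removed together.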