Protecting Against Botnet Attacks
A botnet consists of devices infected with malware and under the control of a remote attacker (bot-herder). Hackers often create large, distributed networks to perform large-scale criminal attacks. From a single point, the attacking party can command each device in the botnet to perform an action, such as flooding a website with traffic or hijacking online advertising revenue.
Attackers install the botnet malware on a compromised device through popular social engineering tactics like phishing or click fraud. The malware uses small amounts of a device’s computing power to carry out automated tasks that remain hidden from the owner, including diverting web browsers and performing data collection.
The most common botnet attacks are distributed denial of service (DDoS) and spam, but some attackers have used their botnets to steal credentials and money from businesses directly, or to sell the stolen information on black markets for a profit. The most famous example is the GameOver Zeus family of malware, which stole millions of dollars from enterprises and credit card information from individuals.
Bot-herders use two kinds of systems to control their botnets: centralized and peer-to-peer (P2P). A centralized botnet receives its commands from one central server, while in a P2P botnet each compromised device functions as both client and server, and the devices communicate with each other directly.
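The two control models leave different traces in network flow logs, which the following added example (not from the original article) uses as a simple detection heuristic. The record layout, the 10.0.0.0/8 internal range, the thresholds and every address and port in the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the monitored network's address range

def is_internal(addr):
    return ip_address(addr) in INTERNAL

def find_central_controllers(flows, min_hosts=3, max_jitter=0.1):
    """External IPs that several internal hosts contact at near-constant intervals."""
    times = defaultdict(list)  # (src, dst) -> timestamps of outbound flows
    for ts, src, dst, _port in flows:
        if is_internal(src) and not is_internal(dst):
            times[(src, dst)].append(ts)
    beaconers = defaultdict(set)  # dst -> internal hosts with regular check-ins
    for (src, dst), stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(gaps) >= 3 and pstdev(gaps) <= max_jitter * mean(gaps):
            beaconers[dst].add(src)
    return {d: sorted(s) for d, s in beaconers.items() if len(s) >= min_hosts}

def find_p2p_nodes(flows, min_peers=4):
    """Internal hosts that both dial out to and accept connections from many external peers."""
    out_peers, in_peers = defaultdict(set), defaultdict(set)
    for _ts, src, dst, _port in flows:
        if is_internal(src) and not is_internal(dst):
            out_peers[src].add(dst)
        elif is_internal(dst) and not is_internal(src):
            in_peers[dst].add(src)
    return sorted(h for h in out_peers
                  if len(out_peers[h]) >= min_peers and len(in_peers[h]) >= min_peers)

def sample_flows():
    """Constructed (timestamp_s, src, dst, dst_port) records; all values are made up."""
    flows = []
    # Centralized pattern: three workstations check in with one server every 300 s.
    for host in ("10.0.1.11", "10.0.1.12", "10.0.1.13"):
        flows += [(t, host, "203.0.113.50", 443) for t in range(0, 1500, 300)]
    # P2P pattern: one host acts as client and server towards many external peers.
    for i in range(1, 6):
        flows.append((i * 37, "10.0.2.20", f"198.51.100.{i}", 16470))
        flows.append((i * 53, f"192.0.2.{i}", "10.0.2.20", 16470))
    # Ordinary browsing: a single host visits one site at irregular times.
    flows += [(t, "10.0.3.30", "203.0.113.80", 443) for t in (5, 40, 900, 910, 2000)]
    return flows
if __name__ == "__main__":
    print(find_central_controllers(sample_flows()), find_p2p_nodes(sample_flows()))
```

Both checks are heuristics: legitimate update services also poll at fixed intervals and legitimate P2P software also accepts inbound peers, so the results are leads for triage rather than verdicts.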
Protecting devices from becoming part of a botnet requires ongoing effort, similar to protecting against other types of malware, such as regularly updating system software and enabling multi-factor authentication. In addition, training employees and encouraging them to change passwords on a regular basis can help protect against malware and mitigate the impact of a breach.