What is a Botnet?
A botnet is a network of malware-infected computers and devices, including personal computers (PCs), servers, mobile phones, Internet of Things (IoT) gadgets, and even Internet infrastructure hardware like routers. These devices are controlled by attackers to steal credentials, carry out a variety of malicious activities and sabotage services on a large scale.
The malware on each infected device is commanded by the attacker, who can control thousands, tens of thousands or millions of zombie computers and direct them to attack other computers and devices. When the bots jointly flood a target with traffic to make it unavailable, the attack is referred to as a Distributed Denial-of-Service (DDoS) attack. Other common uses for botnets include spamming, click fraud, form grabbing and stealing credentials, and executing ransomware.
Depending on the size and capability of the botnet, it may be possible to shut down the command and control center or cut off a particular segment of the botnet. This is why system administrators and law enforcement focus on identifying and closing down botnet command centers.
Hackers build botnets for different reasons, including financial gain and reputational gain. Cyber criminals may seek to earn money by renting out their botnet for DDoS attacks and spamming, or they may use the bots to demonstrate their hacking skills.
The proliferation of low-cost, Internet-capable IoT devices has made them a tempting target for hackers. IoT devices typically have fewer security features than traditional IT systems, and they are often easier to compromise with malware. Using good ingress and egress filtering practices to block malware entering or leaving your network can help protect your IoT devices from becoming part of a botnet.
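The following added example, which is not part of the original article, applies default-deny ingress and egress rules for an IoT segment to flow records and counts denied outbound attempts per device. The subnet, the allowlist entries and the sample flows are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: IoT devices sit in their own segment (constructed addressing).
IOT_NET = ipaddress.ip_network("10.20.0.0/24")

# Default-deny egress: only these (destination, protocol, port) tuples may leave.
EGRESS_ALLOW = [
    (ipaddress.ip_network("10.0.0.53/32"), "udp", 53),      # internal DNS resolver
    (ipaddress.ip_network("10.0.0.123/32"), "udp", 123),    # internal NTP server
    (ipaddress.ip_network("198.51.100.0/24"), "tcp", 443),  # vendor updates (placeholder range)
]
# Default-deny ingress: only the management host may reach the devices.
INGRESS_ALLOW = [(ipaddress.ip_network("10.0.0.10/32"), "tcp", 443)]

def evaluate(src, dst, proto, dport):
    """Return (direction, verdict) for one flow crossing the IoT boundary."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in IOT_NET and d not in IOT_NET:
        direction, rules, peer = "egress", EGRESS_ALLOW, d
    elif d in IOT_NET and s not in IOT_NET:
        direction, rules, peer = "ingress", INGRESS_ALLOW, s
    else:
        return ("internal", "ignore")  # flow does not cross the boundary
    for net, rule_proto, rule_port in rules:
        if peer in net and proto == rule_proto and dport == rule_port:
            return (direction, "allow")
    return (direction, "deny")  # nothing matched: default deny

def denied_egress_by_device(flows):
    """Count denied outbound flows per device; repeat offenders merit investigation."""
    counts = Counter(f[0] for f in flows if evaluate(*f) == ("egress", "deny"))
    return dict(counts)

# Constructed sample flows: (source, destination, protocol, destination port).
SAMPLE_FLOWS = [
    ("10.20.0.15", "10.0.0.53", "udp", 53),
    ("10.20.0.15", "198.51.100.7", "tcp", 443),
    ("10.20.0.22", "203.0.113.9", "tcp", 6667),
    ("10.20.0.22", "203.0.113.9", "tcp", 6667),
    ("10.20.0.22", "192.0.2.44", "udp", 53),   # bypasses the internal resolver
    ("203.0.113.80", "10.20.0.15", "tcp", 23),
    ("10.0.0.10", "10.20.0.15", "tcp", 443),
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, evaluate(*flow))
    print("denied egress per device:", denied_egress_by_device(SAMPLE_FLOWS))
```

A device that repeatedly hits the egress default-deny rule, as `10.20.0.22` does in the sample data, is worth isolating and inspecting even though the filter already blocked the traffic.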