What is a Botnet?
A Botnet is a network of Internet-connected devices (most commonly, computers) infected with malware that allows hackers to control them remotely without the device’s rightful owner’s knowledge. A cybercriminal might use a Botnet to perform different attacks, such as DDoS attacks and spamming.
When a device is part of a botnet, it is infected with malware that monitors for instructions from the hacker’s command and control servers (known as C2 or CC). Depending on what type of attack is taking place, a bot may also deliver information back to the C2 server as well. These reports may include the IP address of the device, its operating system version, and a list of installed applications. Because botnet malware is designed to stay hidden, the average user might not notice their device has been used for nefarious purposes.
The first step in constructing a botnet involves recruiting willing participants. Devices that can be recruited to join the army of zombies include traditional computers, e-commerce websites, social media sites, and even smart home appliances. Cybercriminals often target these types of devices because they offer a high return on investment for the attacker.
Once the attacker has a sufficient number of bots, they can begin launching automated attacks. A few of the most popular attacks include Distributed Denial of Service (DDoS), password cracking, and credential stuffing. The latter is a technique where hackers collect breached credentials and passwords from online accounts and try to brute force their way into them.