Protecting PCs and IoT From Botnet Attacks
A botnet is a network of hijacked Internet-connected devices, such as PCs and IoT devices, infected with malware that allows one cyber criminal, known as the “bot herder”, to control them remotely. A bot herder can direct these devices to perform automated attacks, such as Distributed Denial-of-Service (DDoS) attacks or brute force password cracking, or to sabotage services and websites by overwhelming them with malicious requests.
After the malware is installed, it waits for instructions from a central command and control (C&C) server that distributes commands to the devices in the network. Once a device receives these commands, it executes them to attack the target. Bot herders run botnets for a variety of reasons, including making money by selling access to the bots to other hackers, proving their hacking skills by constructing a resume of successful attacks, or simply for nefarious personal gain.
Historically, botnets communicated with their C&C servers via IRC networks or through a client/server model. However, these models are easily disrupted by law enforcement and security vendors, who can trace the bots’ communication back to the centralized server and shut it down. For this reason, hackers have shifted to using P2P botnets, in which the individual bots act as both clients and C&C servers, obscuring their identity.
Keeping IoT devices and PCs safe from botnet infection starts with strong ingress and egress filtering practices, which prevent dangerous software and connections from entering your network in the first place. It also means not clicking on links in emails, texts or social media messages, and installing a good antivirus suite that can block Trojans from infecting your devices.
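As an added example (not part of the original article), the following sketch audits outbound flow records from an IoT segment against a default-deny egress allowlist, flagging connections on IRC ports and devices that contact many unapproved hosts, the two C&C patterns described above. The address ranges, allowlist entry, threshold and flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# All addresses, ports and thresholds below are constructed for illustration.
IOT_NET = ipaddress.ip_network("10.20.0.0/24")   # assumed IoT segment
INTERNAL = ipaddress.ip_network("10.0.0.0/8")    # assumed internal address space
ALLOWED = [                                      # egress allowlist for the IoT segment
    (ipaddress.ip_network("203.0.113.10/32"), "tcp", 443),  # hypothetical vendor update host
]
IRC_PORTS = set(range(6660, 6670)) | {6697}      # conventional IRC ports
FANOUT_LIMIT = 3                                 # distinct unapproved peers before flagging

# Constructed flow records: (source, destination, protocol, destination port)
FLOWS = [
    ("10.20.0.5", "203.0.113.10", "tcp", 443),    # allowlisted update check
    ("10.20.0.5", "10.0.0.53", "udp", 53),        # internal resolver, not egress
    ("10.20.0.7", "198.51.100.20", "tcp", 6667),  # IRC-style channel
    ("10.20.0.9", "198.51.100.31", "tcp", 8080),
    ("10.20.0.9", "198.51.100.32", "tcp", 8080),
    ("10.20.0.9", "198.51.100.33", "udp", 40000),
    ("10.30.0.4", "198.51.100.40", "tcp", 443),   # outside the IoT segment
]


def audit(flows):
    """Return (source, destination, port, reason) for each egress policy violation."""
    findings = []
    peers = defaultdict(set)
    for src, dst, proto, port in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s not in IOT_NET or d in INTERNAL:
            continue  # only outbound traffic from the IoT segment is audited here
        if any(d in net and proto == p and port == pt for net, p, pt in ALLOWED):
            continue  # explicitly permitted destination
        reason = "irc-port" if port in IRC_PORTS else "not-allowlisted"
        findings.append((src, dst, port, reason))
        peers[src].add(dst)
    # One device reaching many unapproved hosts is consistent with P2P bot traffic.
    for src, dsts in sorted(peers.items()):
        if len(dsts) >= FANOUT_LIMIT:
            findings.append((src, None, None, "p2p-fanout"))
    return findings


if __name__ == "__main__":
    for finding in audit(FLOWS):
        print(finding)
```

The same allowlist is what the firewall itself should enforce; running the audit over existing logs first shows which devices would be cut off and which are already misbehaving.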