What is a Botnet?
A botnet is a network of malware-infected devices that attackers use to carry out cyber attacks. Cyber criminals use botnets to steal data, send spam email, attack servers or generate malicious traffic for distributed denial-of-service (DDoS) attacks. The hacker who controls a botnet is known as the ‘bot herder’ or ‘bot master’. The herder can remotely control thousands or millions of enslaved devices, known as zombie computers, for their own financial gain.
Bots infect computers, mobile devices, smart TVs, soundbars, wireless CCTV cameras and other IoT devices. They scout the internet for unpatched security gaps, misconfigured settings and hardcoded vulnerabilities. Once a device is infected, the herder can direct it to execute a specific task – such as downloading and stealing data, spreading malware, collecting credentials, generating traffic for DDoS attacks or conducting CPU-intensive crypto mining.
Most botnets communicate with their herder using a centralized command and control (C&C) server, or through a more sophisticated peer-to-peer model. Peer-to-peer bots communicate directly with each other, discreetly probing random IP addresses until they contact another bot that is able to update their instructions. This method obscures the herder and makes it much harder to terminate the botnet.
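An added example, not part of the original article: a minimal flow-log check that tells the two communication models described above apart from a defender's side. The flow records, addresses and thresholds are constructed assumptions, not values from any real botnet.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (timestamp_seconds, internal_src, external_dst, connected).
# Internal hosts use private addresses, external ones use documentation ranges.
FLOWS = []
# Host A: contacts one destination every 300 s (centralized C&C pattern).
FLOWS += [(t, "10.0.0.5", "203.0.113.10", True) for t in range(0, 3000, 300)]
# Host B: probes many different addresses, most attempts fail (peer-to-peer pattern).
FLOWS += [(i * 7, "10.0.0.9", f"198.51.100.{i}", i % 10 == 0) for i in range(1, 61)]
# Host C: ordinary traffic, a few destinations at irregular times.
FLOWS += [(t, "10.0.0.20", d, True) for t, d in
          [(5, "192.0.2.1"), (40, "192.0.2.2"), (41, "192.0.2.1"),
           (900, "192.0.2.3"), (2000, "192.0.2.2")]]

# Assumed thresholds; tune them against a baseline of your own network.
MIN_BEACONS = 6        # repeated contacts to one destination before judging regularity
MAX_JITTER = 0.1       # stddev/mean of contact intervals at or below this is "regular"
MIN_FANOUT = 30        # distinct destinations before judging probing
MIN_FAIL_RATIO = 0.7   # share of failed attempts that suggests blind probing

def classify(flows):
    """Return {host: label} for hosts whose traffic resembles either model."""
    by_pair = defaultdict(list)   # (src, dst) -> timestamps
    by_src = defaultdict(list)    # src -> [(dst, connected)]
    for ts, src, dst, ok in flows:
        by_pair[(src, dst)].append(ts)
        by_src[src].append((dst, ok))

    result = {}
    # Peer-to-peer model: wide fan-out to distinct addresses, mostly unanswered.
    for src, attempts in by_src.items():
        dsts = {d for d, _ in attempts}
        fail_ratio = sum(1 for _, ok in attempts if not ok) / len(attempts)
        if len(dsts) >= MIN_FANOUT and fail_ratio >= MIN_FAIL_RATIO:
            result[src] = "p2p-probing"
    # Centralized model: one destination contacted at near-constant intervals.
    for (src, dst), stamps in by_pair.items():
        if src in result or len(stamps) < MIN_BEACONS:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= MAX_JITTER:
            result[src] = "centralized-beacon"
    return result

if __name__ == "__main__":
    print(classify(FLOWS))
```

Both labels are only triage signals: legitimate software also polls a single server on a timer, so a flagged host needs a follow-up look at the destination and the process behind the traffic.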
Bots are employed for a range of reasons, from activism to profit. For example, the Mirai botnet enslaved IoT devices to conduct large DDoS attacks on networks. It also scoured the internet for credentials, harvesting them and then selling them on the Dark Web. Other motives include espionage and cyber activism. For the most part, however, cybercriminals are driven by money, and they rely on zombie armies of enslaved devices to make it happen.