BotNet News

Your source for Online Security News

A botnet is a network of compromised devices controlled by a single criminal (the bot-herder); it can do anything from sending large volumes of spam email to launching massive distributed denial-of-service attacks. Threat actors exploit the wide variety of IoT, mobile and PC devices on the internet to build networks that can scale to thousands or millions of endpoints simultaneously.

Infection vectors include phishing, malware attachments or clickable links in email, unpatched vulnerabilities in software and firmware, and the use of default credentials to gain initial access to devices. Once the device-infecting malware has gained access, it typically “beacons” or calls home to the C&C server to register and establish a persistent communication channel. From there, it can receive instructions from the bot-herder to perform tasks ranging from collecting data to stealing sensitive corporate credentials.

C&C servers were traditionally centralized, which creates a single point of failure: authorities can seize the server and cut the bot-herder off from the entire botnet at once. To circumvent this drawback, hackers moved to P2P and decentralized botnets that operate using multiple links between botnet devices. These models can be slower in transmitting commands, but provide extreme resilience and make dismantling the entire botnet difficult.

The best defense against IoT botnets is to change default credentials on all devices after setup and install a firewall that monitors outbound traffic for any suspicious activity, such as contacting a C&C server. Also, keep operating systems, applications and firmware updated to patch known security vulnerabilities that are exploited by most botnets.
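The outbound-traffic monitoring recommended above can be illustrated against the "beaconing" behaviour described earlier. The following is an added example, not code from the article: it parses a few constructed firewall-style connection log lines and flags two things a defender looks for, destinations on a known-C&C denylist (placeholder addresses from the documentation ranges) and hosts that call the same destination at suspiciously regular intervals. The log format, the denylist contents and the thresholds are assumptions for the example.

```python
"""Beacon and C&C-contact detection over outbound connection logs.
Added example (not from the article). Input is a constructed log in the
assumed format: "<ISO timestamp> <src ip> <dst ip:port> <bytes out>"."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines (documentation-range addresses, not real hosts).
SAMPLE_LOG = """\
2024-05-01T10:00:00 192.0.2.10 198.51.100.7:443 512
2024-05-01T10:00:03 192.0.2.10 203.0.113.9:80 1480
2024-05-01T10:05:00 192.0.2.10 198.51.100.7:443 514
2024-05-01T10:10:00 192.0.2.10 198.51.100.7:443 510
2024-05-01T10:15:00 192.0.2.10 198.51.100.7:443 513
2024-05-01T10:20:00 192.0.2.10 198.51.100.7:443 511
2024-05-01T10:01:17 192.0.2.11 203.0.113.9:443 2201
2024-05-01T10:09:42 192.0.2.11 203.0.113.9:443 9800
2024-05-01T10:31:05 192.0.2.11 203.0.113.9:443 300
2024-05-01T10:02:00 192.0.2.12 192.0.2.200:6667 120
"""

# Placeholder denylist (constructed); a real deployment would load a threat feed.
KNOWN_C2 = {"192.0.2.200:6667"}


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, bytes_out) tuples.
    Malformed lines are skipped rather than aborting the whole run."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            records.append((ts, parts[1], parts[2], int(parts[3])))
        except ValueError:
            continue
    return records


def find_denylisted(records):
    """Return the set of (src, dst) pairs whose destination is a known C&C endpoint."""
    return {(src, dst) for _, src, dst, _ in records if dst in KNOWN_C2}


def find_beacons(records, min_events=4, max_jitter=0.1):
    """Return {(src, dst): mean_interval_seconds} for flows whose inter-arrival
    times are nearly constant (coefficient of variation <= max_jitter).
    Regular, low-volume call-home traffic is the signature of a bot checking in."""
    flows = defaultdict(list)
    for ts, src, dst, _ in records:
        flows[(src, dst)].append(ts)
    beacons = {}
    for key, times in flows.items():
        if len(times) < min_events:
            continue  # too few observations to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[key] = avg
    return beacons


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("contacts to denylisted C&C:", find_denylisted(recs))
    print("periodic beacons:", find_beacons(recs))
```

On the sample data the host 192.0.2.10 is reported for calling 198.51.100.7:443 exactly every 300 seconds, while 192.0.2.11's irregular browsing-like traffic is not, and 192.0.2.12 is reported for contacting the denylisted endpoint. In practice the jitter threshold needs tuning, since some malware randomizes its check-in interval and some legitimate agents (update checkers, monitoring) beacon regularly too; the denylist check and the periodicity check are complementary rather than either being sufficient alone.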