Botnets are also becoming a larger part of cultural discussions around cybersecurity. Facebook’s fake ad controversy and the Twitter bot fiasco during the 2016 presidential election worry many politicians and citizens about the disruptive potential of botnets. Recently published studies from MIT have concluded that social media bots and automated accounts play a major role in spreading fake news.
To Many Cybercriminals use botnets to mine cryptocurrencies like bitcoin is growing business for cybercriminals.It’s predicted the trend will continue, resulting in more computers infected with mining software and more digital wallets stolen.
How Botnet Works
For Better understand of botnet functions, consider that the name itself is a blending of the words “robot” and “network”. In a broad sense, that’s exactly what botnets are: a network of robots used to commit cybercrime. The cybercriminals controlling them are called botmasters or bot herders.
Size Matters
To build a botnet, botmasters need as many infected online devices or “bots” under their command as possible. The more bots connected, the bigger the botnet. The bigger the botnet, the bigger the impact. So size matters. The criminal’s ultimate goal is often financial gain, malware propagation, or just general disruption of the internet.
Imagine the following: You’ve enlisted ten of your friends to call the Department of Motor Vehicles at the same time on the same day. Aside from the deafening sounds of ringing phones and the scurrying of State employees, not much else would happen. Now, imagine you wrangled 100 of your friends, to do the same thing. The simultaneous influx of such a large number of signals, pings, and requests would overload the DMV’s phone system, likely shutting it down completely.
Cybercriminals use botnets to create a similar disruption on the internet. They command their infected bot army to overload a website to the point that it stops functioning and/or access is denied. Such an attack is called a denial of service or DDoS.
Botnet Infections
Botnets aren’t typically created to compromise just one individual computer; they’re designed to infect millions of devices. Bot herders often deploy botnets onto computers through a trojan horse virus. The strategy typically requires users to infect their own systems by opening email attachments, clicking on malicious pop-up ads, or downloading dangerous software from a website. After infecting devices, botnets are then free to access and modify personal information, attack other computers, and commit other crimes.
More complex botnets can even self-propagate, finding and infecting devices automatically. Such autonomous bots carry out seek-and-infect missions, constantly searching the web for vulnerable internet-connected devices lacking operating system updates or antivirus software.
Botnets are difficult to detect. They use only small amounts of computing power to avoid disrupting normal device functions and alerting the user. More advanced botnets are even designed to update their behavior so as to thwart detection by cybersecurity software. Users are unaware they’re connected device is being controlled by cybercriminals. What’s worse, botnet design continues to evolve, making newer versions harder to find.
Botnets take time to grow. Many will lay dormant within devices waiting for the botmaster to call them to action for a DDoS attack or for spam dissemination.
Vulnerable Devices
Botnets can infect almost any device connected directly or wirelessly to the internet. PCs, laptops, mobile devices, DVR’s, smartwatches, security cameras, and smart kitchen appliances can all fall within the web of a botnet.
Although it seems absurd to think of a refrigerator or coffee maker becoming the unwitting participant in a cybercrime, it happens more often than most people realize. Often appliance manufacturers use secure passwords to guard entry into their devices, making them easy for autonomous bots scouring the internet to find and exploit.
As the never-ending growth of the Internet of Things brings more devices online, cybercriminals have greater opportunities to grow their botnets, and with it, the level of impact.
In 2016, a large DDoS attack hit the internet infrastructure company Dyn. The attack used a botnet comprised of security cameras and DVRs. The DDoS disrupted internet service for large sections of the country, creating problems for many popular websites like Twitter and Amazon.
Botnet Attacks
Aside from DDoS attacks, botmasters also employ botnets for other malicious purposes.
Ad Fraud
Cybercriminals can use the combined processing power of botnets to run fraudulent schemes. For example, botmasters build ad fraud schemes by commanding thousands of infected devices to visit fraudulent websites and “click” on ads placed there. For every click, the hacker then gets a percentage of the advertising fees.
Selling and Renting Botnets
Botnets can even be sold or rented on the internet. After infecting and wrangling thousands of devices, botmasters look for other cybercriminals interested in using them to propagate malware. Botnet buyers then carry out cyber attacks, spread ransomware, or steal personal information.
Laws surrounding botnets and cybercrime continue to evolve. As botnets become bigger threats to internet infrastructure, communications systems, and electrical grids, users will be required to ensure their devices are adequately protected from infection. Its likely cyber laws will begin to hold users more responsible for crimes committed by their own devices.
Where do botnets come from?
To be a part of a botnet, it first needs to become infected with the type of specific malware that either contact a remote server or other infected systems present into the network. To get commands from whoever is controlling the botnet, which is hackers and cybercriminals. Despite being magnificent in scope and scale, although a botnet malware infection is no different from a traditional malware infection.
How do you recognize botnets?
So how do you recognize the botnet! You can recognize the botnet in the same way as you can distinguish a computer infected with other types of malware. Signs that includes the computer running slowly, and acting very strangely, giving error messages or the fan starting up suddenly when the computer is idle. These are all possible symptoms that some other person using the computer remotely as part of a bot network.
No comments:
Post a Comment