AdobeStock_102921353

Anura Blog

close
    Written by Alana L. Domingo
    on April 24, 2018

    The Internet: a vast computer network linking smaller computer networks worldwide. Using a variety of communications protocols, our computers can connect and exchange information at lightspeed.

     

    But unfortunately, any technology created with positive intent can (and usually will) be repurposed for unsavory practices. So, it shouldn’t be any surprise that bad actors are taking advantage of those common communications protocols to create what are known as botnets.

     

    In basic terms, a botnet is a group of malware-infected computers that work together to perform specific tasks, usually without the computer owners’ knowledge. Hackers known as botmasters or bot herders infiltrate vulnerable devices, turning them into “zombie” computers.

     

    Botnet Diagram

     

    Computers can unknowingly become part of a botnet by a number of ways. Users might install a sketchy browser extension or download software that contains hidden malware. Other times, bots search for outdated programs, old devices, and weak security measures to exploit.

     

    Related Post: What the Heck Are Bots, Anyway?

     

    Once they’ve amassed a zombie computer army, hackers can control them remotely through command-and-control (C&C) servers, using standards-based protocols like Internet Relay Chat (IRC) and peer-to-peer (P2P) networking to send data among the zombie devices.

     

    Modern Threats

    Traditionally, botnets are the weapon of choice to spread spam or commit click fraud. At the botmaster’s discretion, zombie computers can rack up site views, click on ads, watch videos, and post comments. More sophisticated botnets may go even further, from filling out forms to making online purchases.

     

    Related Post: 3 Signs You Have an Ad Fraud Problem

     

    Recently, botmasters jumped on the cryptocurrency train, using botnets to mine Bitcoins. Thanks to the massive amount of computing power their botnet stole, the botmasters running the Smominru scheme were able to make up to $8,500 a week in Monero cryptocurrency.

     

    Botnets are also responsible for the infamous DDoS attacks which have the power to cripple major websites. In a DDoS attack, hundreds of bots push traffic to a specific site. Since the site can’t handle so much traffic at once, it may becoming unbearably laggy or completely shut down.

     

    The Botnet of Things

    On October 21, 2016, scores of major websites broke, rendered useless by a DDoS attack powered by a botnet called Mirai. The botnet, largely made up of compromised Internet of Things (IoT) devices, bombarded Dyn, a DNS provider, with malicious traffic, effectively shutting down its services and causing popular sites to go dark. 

     

     

     

    Source: YouTube

    Securing the IoT ecosystem is proving to be a struggle. On the manufacturers’ side, there aren’t any universal security standards being put in place to regulate all the different devices out there. Manufacturers aren’t releasing critical software updates to outdated devices. In some cases, they orphan them altogether.

     

    Sometimes the end user is at fault. The Mirai botnet took advantage of a glaring security flaw that comes shipped with many consumer-ready IoT devices: default user IDs and passwords. Most people who buy IoT devices don’t change these settings after the initial setup, essentially leaving devices open for hijacking.

     

    Related Post: The New Ad Fraud Threat in the Internet of Things

     

    Most importantly, the sheer number of devices in existence makes it just about impossible to secure them all. And that’s only going to get worse; by 2020, the number of devices in use worldwide is predicted to pass 30 billion.

     

    Until things in the IoT industry change, expect to see more smart device-driven botnets pop up in the future.

     

    No End in Sight

    Realistically, like fraud, botnets aren’t going away any time soon. That’s why it’s so important to remain vigilant when it comes to protecting your online presence from cyber threats. Monitor your sites and keep your network security measures up to date to hold the botnets at bay.

    New Call-to-action

    You may also like:

    Ad Fraud

    CES 2019 Recap

    Recently my tech team and I stepped out of the office for a few days to do some research on the road, assessing how new ...

    Ad Fraud

    New Year, New Ad Fraud Resolutions

    Every new year presents an opportunity for a clean slate. But that doesn’t mean we’ve left the previous year’s problems ...

    Ad Fraud

    Ad Fraud: A Year in Review

    If you’re in the digital marketing sphere, you may have contributed to the $19 billion lost to ad fraud. Research estima...