Botnets are networks of compromised internet-connected devices (usually infected by viruses or other malware) that can be accessed remotely and used to execute any processes defined by the botnet operator. The word “botnet” is a portmanteau, combining robot and networks.
The bot operator combines multiple hacked computers, or devices, to launch a malicious program and amplify the power and efficiency of the attack. The threat actor can tap into any internet-connected object – and our homes are full of them – including Internet of Things (IoT) devices such as tablets, smartphones, smart thermostats and smart speakers.
Botnets are often used to send requests to remote machines over the internet, are tailored and typically aimed at specific targets.
They are more commonly associated with DDoS attacks but can be used for automated traffic (e.g. account takeover or card validation attempts).
There is an increasing number of botnets being made available for hire, read what we had to say on the subject in our recent feature in Computer Business Review.
How to detect botnets
Botnet attacks have grown increasingly sophisticated in recent years as bot operators seek new opportunities to infiltrate a business’ web-facing infrastructure. For instance, threat attackers are increasingly taking advantage of the networks of residential proxies made readily available by the growing number of interconnected IoT devices.
Botnet attacks can be extremely powerful and are often used to carry out highly targeted, distributed attacks. They can remain undiscovered for long periods of time, stealing funds and committing fraud on a large scale while the victim remains entirely unaware. They can also happen suddenly and make their existence incredibly obvious.
The ability to detect a botnet attack is therefore vital to protecting your organisation from the effects of a botnet attack. There are several warning signs that a botnet attack is being carried out, including but not limited to:
- Linking to established command and control (C&C) servers to receive instructions
- Generating IRC traffic via a range of specific ports
- Maintaining simultaneous identical DNS requests
Collaborate with a bot management vendor who can quickly and accurately distinguish bots from humans, using technology that learns and adapts as quickly as the bots do to ensures it is always effective and efficient.