Distributed Denial of Service (DDoS) attacks have been a big problem for years, but they seem to happen every day now. Groups like lone hackers, criminal gangs and hacktivists often use a variety of techniques to carry out these attacks and there doesn’t seem to be an end in sight at this rate.
The goal of these attacks is to degrade or disable the performance or network connectivity of target systems. Targets can be anyone with an online presence: small and large businesses, internet providers or manufacturers. Hacking into a victim's server also enables a hacker to steal data, or to hide behind that server to conceal their identity while inflicting damage on the business.
One of the reasons people create botnets is for financial gain. Some hackers attack companies that don’t pay up, while others release new variants of the malware to extort them in exchange for payments. Nation-state actors can use botnets to steal data and damage systems.
Check out our blog post on the history of DDoS attacks and why it’s important for business owners to be aware of new techniques being used online. In this post, we’ll cover the basics of botnet and DDoS attacks. These are often delivered through collections of remotely compromised systems.
What is a Botnet?
Bots can come from anywhere and can include a mix of devices: computers, smartphones, virtual machines, and internet-connected IoT devices such as IP cameras and TVs. Every device with internet connectivity could be vulnerable to being hacked. These days, a lot of consumers are investing in IoT technology; the downside is that the industry is still new and leaves such vulnerabilities open for hackers to take advantage of. It's estimated that more than half of all IoT devices will become infected with malware by 2020. Furthermore, botnets, particularly IoT botnets, can be enormous: a single botnet can consist of hundreds of thousands or even millions of hijacked devices.
Hijacking devices for a botnet involves finding devices with vulnerabilities that make it possible to install malware on them. Some of these machines have no bot installed yet, but they are unsuspecting targets nevertheless.
There seems to be a lot of misunderstanding about what constitutes a botnet. Wikipedia, for instance, lists the definition as “The attacker installs malware on client systems and then spreads the malware over internet-connected infrastructure such as infected keyboards.” A botnet is composed of many different devices and a few central devices that act as the brains to control everything.
At this point in the process, the owner of the compromised device is effectively out of the picture. The botware on the device communicates with the wider network of infected devices and acts on commands received from a "botmaster" or "botherder", who has partial or full control over the bots.
Botnet Command and Control
Early communication between a botnet's command and control systems and its compromised devices was client-server based. This often used Internet Relay Chat (IRC): the botware connects to an IRC channel and waits for commands, and it can also post updates to that channel or upload data it has gathered. Alternatives to IRC include Telnet and HTTP requests for web pages or JSON data. It's worth bearing in mind that bots can have a hierarchical command and control system, where different layers of bots relay commands from the layer above to the layer below.
The latest botnet command and control communications are based on peer-to-peer (P2P) connections. In this model, compromised devices locate other botnet members (for example by scanning IP addresses for the bot's service) and exchange lists of known peers and relayed commands with them. Creating these more complex networks requires more effort, but the result is significantly harder to disrupt or take down.
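The client-server patterns described above (an IRC channel the bot sits on, or regular HTTP polling for commands) leave a footprint a defender can look for: repeated connections from one host to one destination at near-constant intervals. The script below is an added example, not code from the original post; it runs over constructed flow-log records (timestamp, source host, destination IP, destination port) and flags host-to-destination pairs that either use the IRC ports or check in with almost perfectly regular timing. The hosts, addresses, thresholds and the 6667/6697 port list are assumptions chosen for the illustration.

```python
# Added example (not from the original post): flag hosts whose outbound
# connections look like bot command-and-control check-ins.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (timestamp_seconds, src_host, dst_ip, dst_port)
SAMPLE_FLOWS = [
    # host A: ~60 s check-ins to one IP on the IRC port -> classic IRC bot pattern
    (0, "10.0.0.5", "203.0.113.7", 6667),
    (60, "10.0.0.5", "203.0.113.7", 6667),
    (121, "10.0.0.5", "203.0.113.7", 6667),
    (180, "10.0.0.5", "203.0.113.7", 6667),
    (241, "10.0.0.5", "203.0.113.7", 6667),
    # host B: ordinary browsing, irregular HTTPS connections to several sites
    (5, "10.0.0.9", "198.51.100.2", 443),
    (9, "10.0.0.9", "198.51.100.3", 443),
    (70, "10.0.0.9", "198.51.100.2", 443),
    (300, "10.0.0.9", "198.51.100.8", 443),
    # host C: HTTP poll of one IP every 30 s, as a bot fetching JSON commands might
    (0, "10.0.0.12", "192.0.2.44", 80),
    (30, "10.0.0.12", "192.0.2.44", 80),
    (60, "10.0.0.12", "192.0.2.44", 80),
    (90, "10.0.0.12", "192.0.2.44", 80),
    (120, "10.0.0.12", "192.0.2.44", 80),
    (150, "10.0.0.12", "192.0.2.44", 80),
]

IRC_PORTS = {6667, 6697}  # plain IRC and IRC over TLS (assumed watch-list)


def group_by_pair(flows):
    """Collect the connection timestamps for each (src, dst, port) triple."""
    pairs = defaultdict(list)
    for ts, src, dst, port in flows:
        pairs[(src, dst, port)].append(ts)
    return pairs


def beacon_score(timestamps):
    """Return (mean_gap, coefficient_of_variation) for the gaps between
    connections, or None if there are too few to judge. A low coefficient
    of variation means near-constant spacing, i.e. a periodic check-in."""
    ts = sorted(timestamps)
    if len(ts) < 4:
        return None
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    if m == 0:
        return None
    return m, pstdev(gaps) / m


def find_suspects(flows, max_cv=0.1, min_connections=4):
    """Return a list of findings, one per suspicious (src, dst, port) pair.
    max_cv and min_connections are assumed tuning values."""
    findings = []
    for (src, dst, port), ts in group_by_pair(flows).items():
        reasons = []
        if port in IRC_PORTS:
            reasons.append("irc-port")
        score = beacon_score(ts)
        if score and len(ts) >= min_connections and score[1] <= max_cv:
            reasons.append(f"periodic:{score[0]:.0f}s")
        if reasons:
            findings.append({"src": src, "dst": dst, "port": port, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspects(SAMPLE_FLOWS):
        print(f"{f['src']} -> {f['dst']}:{f['port']}  {', '.join(f['reasons'])}")
```

Host B's browsing never collects four connections to a single destination, so it is not scored at all; host C is flagged purely on timing, which matters because a bot polling over HTTP on port 80 looks like web traffic to a port-based rule. Real traffic adds jitter, so the coefficient-of-variation threshold would need tuning against a baseline of the environment's own flows.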
The rise of the IoT botnet
IoT devices cover a broad range of commercial and consumer goods, including temperature sensors, smart TVs, IP cameras, smart doorbells and more. They are used not just in commercial settings but also in everyday life. Despite a thousand voices warning about the dangers, well-known fixes for IoT vulnerabilities, such as setting strong passwords and disabling default accounts, are still ignored. One more source of IoT vulnerability is vendors not providing updates that address security flaws, or device owners failing to apply them.
Botnets are networks of infected computer systems that communicate with each other.
Bots can be used for four different purposes, and a botnet can be switched between these functions if necessary. The first is DDoS (Distributed Denial of Service): bots attack a website, overwhelming it with traffic by making far more requests than a legitimate client would. For example, a botnet will send 100 requests per second to a website to bring the server down.
Spam and Phishing e-mails are a big problem.
One of the first uses for a botnet was generating spam. It allows spammers to get around blacklisting of their sending IPs, and even if some bots get blacklisted, there will always be other bots that continue to send out spam.
A more targeted use of botnet spam is phishing: bots generate huge volumes of emails that appear to come from banks, retailers or other shops. The email contains a link to a fake login page where the victim is asked to enter their password. Scammers use this to harvest personal data such as bank account information, credit card data and website logins, which makes them a serious threat.
Advertisement fraud is a negative facet of many internet-driven businesses.
Google and other ad-based networks pay websites to display the ads you see, and those websites in turn need to get their traffic from somewhere. Some malicious bots act as automated clickers on those ads, generating fake traffic and thereby inflating the income of the websites that host them.
The process of acquiring digital currency.
Mining Bitcoin and other cryptocurrencies is increasingly popular, and a botnet running mining algorithms on tens of thousands of bots, IoT devices included, is an excellent platform for it. The botnet steals computing power from each device's owner, which lets the botmaster mine at high rates with low electricity costs of their own. This is significantly more productive (and cheaper) than mining the conventional way on hardware you pay for.
DDoS attacks are becoming more accessible and are being offered to the public.
Distributed Denial of Service attacks are relatively easy to unleash because of botnets and their distributed nature, which also makes it difficult to filter out the malicious traffic, whichever kind of DDoS attack it is. Botnets can even carry out a concerted, coordinated effort to take down a server.
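The two DDoS passages above make a pair of points: a flood looks like "far more requests than necessary" from a client (the 100-requests-per-second figure), and spreading that volume over a botnet makes it hard to filter. The script below is an added example, not code from the original post. It parses web-server access-log lines in the common "combined" format, keeps a one-second sliding window of requests per source IP, and flags sources that exceed a per-IP threshold; it then constructs two scenarios with the same total rate, one from a single client and one spread over 100 bots, to show that the per-IP rule catches only the first. The log lines, IP addresses, window and threshold are constructed for the illustration.

```python
# Added example (not from the original post): per-source request-rate
# detection over access-log lines, and why it misses a distributed flood.
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx "combined" format: ip ident user [time] "request" status bytes ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, request, status) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, req, status, _ = m.groups()
    return ip, datetime.strptime(ts, TIME_FMT), req, int(status)


def flood_sources(lines, window_seconds=1, threshold=50):
    """Return {ip: peak_requests_in_window} for every IP that exceeds
    `threshold` requests within any `window_seconds` window (assumed values)."""
    recent = defaultdict(deque)  # per-IP timestamps inside the current window
    peak = {}
    for line in lines:
        parsed = parse_line(line)
        if not parsed:
            continue
        ip, ts, _, _ = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window_seconds:
            q.popleft()  # drop requests that fell out of the window
        if len(q) > threshold:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return peak


def busiest_second(lines):
    """Total requests in the busiest single second, regardless of source."""
    counts = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            counts[parsed[1]] += 1
    return max(counts.values(), default=0)


def log_line(ip, second, path="/"):
    """Construct one combined-format line at 12:00:<second> (sample data)."""
    ts = f"10/Oct/2023:12:00:{second:02d} +0000"
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'


def single_source_flood():
    """One client sending the post's 100 requests in a single second."""
    return [log_line("203.0.113.10", 0) for _ in range(100)]


def botnet_flood(bots=100):
    """The same 100 requests in one second, one request from each bot."""
    return [log_line(f"192.0.2.{i}", 0) for i in range(bots)]


def background_traffic():
    """A legitimate visitor: one request per second for five seconds."""
    return [log_line("198.51.100.5", s, "/index.html") for s in range(5)]


if __name__ == "__main__":
    for name, lines in (("single source", single_source_flood() + background_traffic()),
                        ("botnet", botnet_flood() + background_traffic())):
        print(f"{name}: busiest second = {busiest_second(lines)} req/s, "
              f"flagged = {flood_sources(lines)}")
```

Both scenarios peak at 100 requests per second, but only the single client is flagged; each bot stays at one request per second and is indistinguishable from the legitimate visitor by rate alone. That gap is why the post's later advice leans on capacity (bandwidth headroom, CDNs) and dedicated DDoS protection rather than on per-IP filtering alone.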
Until a few years ago, DDoS attacks were mainly sold as services. Now, on the darknet markets and even on conventional websites, you can buy them for about $5 per hour. The cost depends of course on the amount of time needed to attack a site and its scope.
History of Botnets
The first true internet botnet appeared in 2004, with the newly-named Bagle. Bagle is known to be a Windows worm that relayed spam from its master to many other computers. The strain called Bagle.B was the second version and took over many others as well. On New Year’s Day 2010, Bagle was responsible for 14% of all spam. By April of that year, the malware generated over 5.7 billion spam messages per day. As with any type of malware, other hackers copied and improved the code to create their own variation – with over 100 versions in total!
Akbot was the first botnet to launch a DDoS attack and it was created in 2007 by an 18-year-old. Using IRC, this botnet had 1.3 million computers at its peak.
Botnet attacks are now surprisingly common; recently the largest botnet to date (the Russian BredoLab) made use of 30 million devices.
The future of computer network attack (CNA) and Distributed Denial of Service (DDoS) attacks
Botnets have become prevalent because of the proliferation of poorly secured IoT devices that can be co-opted into botnet networks and the growing population of vulnerable computers. Botnets are here to stay due to their prevalence in recent attacks. Russian cyber attacks on Ukraine are no doubt a recurring issue. Botnets and DDoS attacks have been seen in both Russia’s and Ukraine’s campaigns against one another.
Regardless of whether you are a governmental organization or a company, you need to have a plan in place to deal with botnets and DDoS attacks. If done right, it provides reassurance that your service, whether large or small, is unlikely to be taken down.
Second, plan for the ability to increase your internet bandwidth on demand, up to a level you are prepared to pay for. For example, if you spot an incoming network attack approaching your system, you can increase the bandwidth to absorb it and make it harder for the attackers to succeed. Running a business is about making tough, sometimes costly decisions. Luckily, there are now many hosting options to choose from depending on how much flexibility and scalability you need, from managed physical servers to "infrastructure as a service" (IaaS) to public cloud services.
Try expanded use of CDNs. This can increase your client-facing delivery bandwidth and help you stay protected from DDoS attacks.
In order to lower the risk of attacks, use hardware and software protection services. For example, to protect your business in case it is attacked by automated armies of bots, look at DDoS protection services and other IT security countermeasures.