From bad to worse: the continued evolution of botnets

by Business Case Studies on Thursday 5th October, 2017

A latent fear many of us have lurking deep down inside is that robots, with their artificial intelligence so unfettered by conscience or emotion, will eventually advance beyond their creators’ control and take over the world.

Most people are able to put this fear aside using logic and rationale. However, there is a subset of people who know that while robots may not be poised to take over the world just yet, they have taken over an ever-growing portion of the online world. If you don’t already know what botnets are, where they came from, what they’re becoming and what they do, now is the time to find out.

Botnets in a nutshell

The word botnet is a combination of robot and network, so the answer to the question “what is a botnet?” can be at least partially inferred from the name: a network of “robots,” which in this case are computers or other internet-connected devices that have been hijacked for illicit use.

This hijacking is accomplished via malware that infects devices and allows someone other than the device owner to control them. Frighteningly, this most often happens without the owners having any idea it has occurred. With a network of zombie computers and other devices at their disposal, the people who build and use botnets have a tremendous amount of computing resources at their fingertips.

The early days

Botnets as we know them got their start in 1999, when a Trojan named Sub7 and a worm named Pretty Park infected victim machines and connected them to an Internet Relay Chat (IRC) channel to ‘listen’ for malicious commands, notably including keystroke logging in an attempt to steal credit card numbers or passwords.

In 2003, botnets became truly profitable when spamming botnets were born. It’s estimated that tens of millions of infected computers are still being used in spam botnets. Spamming is still a major issue facing the internet, but botnets have developed new talents since those early criminal days in 2003 and 2004. Botnets are also known for hosting phishing sites, adware installation, and the harvesting of personal or financial information for resale.

Spreading chaos

That said, botnets are currently best known for unleashing distributed denial of service (DDoS) attacks. These attacks use the computing resources of a botnet to overwhelm the server or network resources of a target website with the aim of taking that website offline, or at least slowing it down beyond the point of usability.

The outages caused by DDoS attacks cause an immediate loss of traffic and revenue to the affected website, as well as a long-term loss due to frustrated users who simply take their business elsewhere. DDoS attacks can also result in damages to hardware and software, and can be used as a distraction for intrusions resulting in data theft.

New heights

Over the last few years DDoS attacks have gone from a concern of cybersecurity professionals to a major issue on every website owner’s radar. There are two main reasons for this, one of which is the growth in DDoS-for-hire services – botnets that can be rented cheaply by anyone wanting to launch attacks. This has caused a significant uptick in the number of attacks firing across the internet.

The second reason DDoS attacks have become such an unwieldy problem is a new type of botnet terrorizing the internet. Botnet creators have taken advantage of unsecured devices in the Internet of Things (IoT) to build botnets of an unprecedented size that are launching attacks bigger than the internet has ever seen. The most infamous IoT botnet is the Mirai botnet, which was easily assembled because the default usernames and passwords left in place on devices like DVRs and CCTV cameras were trivially guessed. Mirai gained widespread attention in the fall of 2016 after it launched three record-breaking attacks in short order, including one that was responsible for taking Twitter, Netflix, Reddit, Spotify and other major services offline.

As bad as Mirai has been, there’s a botnet that’s even worse currently targeting IoT devices. The malware powering the so-called Persirai botnet is capable of stealing password files, regardless of the strength of a device’s password, leaving almost every device vulnerable to its harvest.

Battling back

A big part of preventing the damage botnets are able to do requires websites and businesses to have professional DDoS mitigation in place: intelligent and scalable protection that can defend against both clever application-layer attacks and behemoth network-layer attacks without letting legitimate users be affected by the attack attempts.
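The distinction the paragraph above draws, between stopping attack traffic and leaving legitimate users untouched, is easiest to see on real request logs. The following is an added example, not code from the original article or from any mitigation vendor: a sliding-window detector run over constructed web-server access log lines. It flags individual clients whose request rate exceeds a per-source threshold, and separately measures the aggregate request rate, which is what actually catches a botnet flood where each bot stays below the per-source limit. The log format (Combined Log Format), the sample addresses, the window length and the thresholds are all assumptions chosen for the example.

```python
"""Added example: sliding-window request-rate detection over constructed access logs."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined Log Format prefix: client ip, ident, user, [timestamp], "request"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp) for one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), TS_FORMAT)


def parse_log(log_text):
    """Parse all lines and return the events in chronological order."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e[1])
    return events


def detect_floods(log_text, window_seconds=5, max_requests=20):
    """Per-source check: map each client ip that exceeded max_requests within any
    window_seconds-long window to the peak count observed for it."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for ip, ts in parse_log(log_text):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:   # evict timestamps that fell out of the window
            q.popleft()
        if len(q) > max_requests:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def aggregate_peak(log_text, window_seconds=5):
    """Site-wide check: the highest number of requests from all sources combined
    seen inside any window_seconds-long window. A distributed flood shows up here
    even when every single bot stays under the per-source threshold."""
    window = timedelta(seconds=window_seconds)
    q = deque()
    peak = 0
    for _ip, ts in parse_log(log_text):
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()
        peak = max(peak, len(q))
    return peak


def sample_log():
    """Constructed sample: one ordinary visitor, one noisy bot, and thirty quiet bots
    that each stay under the per-source limit but hit the site in the same 5 seconds."""
    base = datetime(2017, 10, 5, 10, 0, 0, tzinfo=timezone.utc)
    lines = []

    def add(ip, offset, path="/"):
        ts = (base + timedelta(seconds=offset)).strftime(TS_FORMAT)
        lines.append(f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512')

    for s in (0, 6, 12, 18, 24):            # legitimate browsing, one page every 6 s
        add("198.51.100.7", s, "/page")
    for i in range(40):                     # one bot: 8 requests/s for 5 s (t = 30..34)
        add("203.0.113.50", 30 + i // 8)
    for k in range(1, 31):                  # 30 bots, 3 requests each, inside the same window
        for s in (31, 32, 33):
            add(f"192.0.2.{k}", s)
    return "\n".join(lines)


if __name__ == "__main__":
    log = sample_log()
    print("per-source offenders:", detect_floods(log))          # only the noisy bot
    print("aggregate peak in 5 s:", aggregate_peak(log))        # 130, the distributed flood
```

Run as a script it prints only 203.0.113.50 as a per-source offender, while the aggregate window shows 130 requests in five seconds, all but 40 of them from bots that individually look harmless. That gap is why a per-client rate limit alone does not stop a botnet flood, and why the mitigation the article describes has to work on the aggregate as well as on individual sources, without raising the per-source limit so low that the visitor at 198.51.100.7 is blocked too.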

Perhaps an even bigger part of preventing DDoS and other botnet-related damage will come from keeping computers and devices from becoming ensnared in botnets in the first place. Securing computers with anti-virus and anti-malware software is a good step, as is changing default usernames and passwords on IoT devices. Given the success of the Persirai botnet, however, this is no longer enough to fully protect devices.

For better protection, consider isolating devices on your network with segmentation or firewall policies, only allowing devices to communicate with approved IP addresses. You should also block internet access to admin ports and disable Universal Plug and Play (UPnP) on your firewall or router.
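The three controls just listed (segment the IoT devices and let them talk only to approved addresses, keep admin ports off the internet, disable UPnP) fit in one small firewall policy. The block below is an added example and not configuration from the original article or from any router vendor: it models that policy as a Python decision function, so the rules can be checked against sample flows, and renders the same policy as an nftables ruleset. Interface names (`wan0`, `lan0`, `iot0`), the approved destination addresses, and the admin-port list are assumptions chosen for the example; UPnP is disabled by dropping SSDP (UDP 1900), the discovery protocol it relies on.

```python
"""Added example: IoT segmentation policy as a decision function plus an nftables rendering."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """Segmentation policy for a small router; every value here is an assumption for the example."""
    wan: str = "wan0"        # internet-facing interface
    lan: str = "lan0"        # trusted workstations
    iot: str = "iot0"        # isolated segment holding cameras, DVRs and similar devices
    approved_dst: tuple = ("203.0.113.10", "203.0.113.11")   # the only addresses IoT may reach
    admin_ports: tuple = (22, 23, 80, 443, 8080)              # management ports never exposed to WAN
    ssdp_port: int = 1900    # SSDP; dropping it disables UPnP discovery and port mapping


@dataclass(frozen=True)
class Flow:
    """The first packet of a connection as the router sees it."""
    iif: str                 # interface the packet arrived on
    dst: str                 # destination IPv4 address
    proto: str               # "tcp" or "udp"
    dport: int
    established: bool = False   # True for reply traffic of an already-accepted connection


def decide(policy: Policy, flow: Flow) -> str:
    """Return 'accept' or 'drop', mirroring the order of the rendered nftables rules."""
    if flow.established:
        return "accept"                       # replies to connections we already allowed
    if flow.proto == "udp" and flow.dport == policy.ssdp_port:
        return "drop"                         # UPnP disabled on every interface
    if flow.iif == policy.wan:
        return "drop"                         # nothing unsolicited from the internet, admin ports included
    if flow.iif == policy.iot:
        # IoT devices reach approved addresses only: no LAN, no arbitrary internet hosts
        return "accept" if flow.dst in policy.approved_dst else "drop"
    if flow.iif == policy.lan:
        return "accept"                       # trusted LAN may manage IoT devices and browse
    return "drop"                             # default deny


def render_nft(policy: Policy) -> str:
    """Render the policy as an nftables ruleset (load with `nft -f`)."""
    dsts = ", ".join(policy.approved_dst)
    ports = ", ".join(str(p) for p in policy.admin_ports)
    # Explicit even though the chain policy is drop: it survives a later "accept" for port forwarding.
    wan_admin = f'iifname "{policy.wan}" tcp dport {{ {ports} }} drop'
    return f"""table inet iot_isolation {{
    set approved_dst {{
        type ipv4_addr
        elements = {{ {dsts} }}
    }}
    chain input {{
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        udp dport {policy.ssdp_port} drop
        {wan_admin}
        iifname "{policy.lan}" accept
    }}
    chain forward {{
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        udp dport {policy.ssdp_port} drop
        {wan_admin}
        iifname "{policy.iot}" ip daddr @approved_dst accept
        iifname "{policy.iot}" drop
        iifname "{policy.lan}" accept
    }}
}}
"""


if __name__ == "__main__":
    p = Policy()
    for f in (Flow("iot0", "203.0.113.10", "tcp", 443),   # camera to its vendor cloud
              Flow("iot0", "192.168.1.20", "tcp", 445),   # camera probing the LAN
              Flow("wan0", "192.168.1.1", "tcp", 23)):    # internet host to the router's telnet port
        print(f, "->", decide(p, f))
    print(render_nft(p))
```

The rendered ruleset deliberately leaves out DHCP and DNS accepts for the IoT segment; a real deployment adds an `iifname "iot0" udp dport { 53, 67 } accept` line to the input chain if the router itself serves those, and the approved-destination set is normally populated from the device vendor's documented endpoints plus an NTP server. Keeping the policy in one place and deriving both the check and the ruleset from it is what makes the "only approved IP addresses" rule auditable later.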

Mirai and Persirai aren’t exactly the killer robots at the center of schlocky horror plots and unsettling nightmares, but they are excellent examples of the merciless way a network of robots can cause destruction. They may not be taking over the world, but they are bringing websites and even businesses to their knees, and without proactive steps taken by those websites and businesses as well as internet users all over the world, their reign of DDoS terror will continue.
