Botnets: The Unseen Army Ruling The Internet

Botnets are robot networks made up of computers, or any device with network connectivity (computers, security cameras, smart TVs, smart thermostats, etc.). Botnets have a long history in technology, as they have been around since the early days of the internet. While commonly perceived to be malicious in intent (and rightfully so), botnets do not exclusively perform destructive commands.

Over half of all web traffic consists of bots. With the advancement of artificial intelligence software, the IoT movement, and machine-learning technology, bots are beyond relevant in today’s technology landscape. Examining the good and the bad in the latest cyber trends can give you greater insight into how your business will be impacted or, better yet, how your business can seize opportunities to gain a competitive advantage.

Botnets Background

A bot in this context is a type of malware, or series of scripts, commands or a software program designed to connect to something (usually a command and control server) and execute a command or a series of commands. A network of bots can be controlled as a group and form a botnet. Botnets can be hundreds or thousands of infected machines that stretch globally to perform various automated tasks or functions at a significantly higher rate than would be possible for a human.

Good Bots

Artificially intelligent programs, like bots, can do many useful tasks. Bots like Siri or Cortana are commonly used to search for news, summarize a collection of data or scan websites. Messaging apps like Facebook, WhatsApp, and Slack have deployed bots as assistants to help find places to meet up with friends and family. Bots (specifically chat-bots) are also being used to advance customer relationships and automate otherwise tedious tasks.

Since the power of botnets does not have to be harmful, it may be possible to deploy friendly botnets that can, for example, discover and lock down infrastructure insecurities and deploy “unauthorized” maintenance and patches. Industry talks have indicated that bots may one day replace the apps we have become reliant on today.

Bad Bots

Unfortunately, powerful tools like botnets are often manipulated with malicious intent to deliver DDoS (Distributed Denial of Service) attacks. In fact, botnets have become a sophisticated and popular tool used in today’s cybercrime activities. Hackers are able to take control of several computers at a time and turn them into what is commonly referred to as a “zombie army”. The infected computers (typically hundreds if not thousands in an army), controlled by the bot masters, are able to spread viruses, generate spam and commit online crime and fraud.

The actual owner of the computer rarely has any knowledge that their computer is involved in such activity, and may only start to notice as the computer slows down or displays mysterious messages, or crashes completely. Bots strive to stay hidden until their task is completed.

Once bots have taken over, they are able to:

  • Send spam, viruses or spyware
  • Steal confidential information
  • Deny service to a website, server, etc.
  • Partake in “click-fraud” to boost web advertising, or “listen-fraud” to increase royalties received from online music streaming services

How the Bad Bots Flourish

Botnets flourish by exploiting multiple vulnerabilities on common platforms. The rush to bring IoT devices to market that are easy for the average home user to set up and install often means there are thousands of predominantly unsecured connected devices available for cyber criminals to overtake undetected. Botnet sophistication continues to grow due to the many security solutions in the market that have been put in place to combat these challenges. As botnets are written to defeat detection by security software, malware developers and security vendors have a complex relationship in which each deploys countermeasures in an effort to breach or protect the infrastructure in place.

Botnets are available for purchase or rent on the black market (Cybercrime-as-a-Service), and it does not take much technical expertise to acquire them. Few cyber criminals will ever face justice, as the resources required for a successful investigation to uncover who has done what would be tremendous.

DDoS mitigation services can be procured to detect attacks and apply an effective defense. However, even mitigation services have the potential for a twisted dark side. The competitive business environment has resulted in some mitigation services actually “spreading the disease” in an effort to “sell the cure”.

As the threat of cyber-warfare grows and the damage it can cause increases, we will likely see botnets used as weapons in government conflicts across the world (if they aren’t currently being employed). Governments or those with critical infrastructure should be concerned, as DoS (Denial of Service) attacks that botnets distribute can:

  • Disrupt communications during a crisis
  • Cause shutdowns of critical networks through source code infections
  • Provide enemies with military information through access to critical systems

Things To Consider

Whether driven by revenge, greed or a competitive ego, botnets have the potential to severely influence customer service, consumer trust and brand loyalty. Any business that interacts with the internet needs to be aware of, and proactively protect against, cyber attacks and bots.

Smart home devices have become a key vulnerability, as the rush to enter the marketplace with the newest, flashiest connected device means security and safety have not been a top priority for many manufacturers. Further complicating the Internet of Things (IoT) is that these devices are designed to require very little user interference. This means it’s very difficult for consumers to make any changes to, or apply extra security customizations to, the device after market.

Whenever possible, install top-rated security software, update it often, limit user rights and apply secure, unique passwords to the devices on your home or business network. Familiarize all users that have access to your network with phishing campaigns and other current cyber threats. A multi-layered, proactive approach to security will serve you better than any tool that could be put into place after the fact.
