Botnet DDoS

Botnet definition

Botnets have become one of the most prevalent and constantly evolving dangers to cybersecurity today. A botnet is a cluster of computers connected through the internet that is used to perform a nefarious task such as a cybercrime. The attacker infects the devices with malware to gain access to them and attain absolute control.

How to create a zombie botnet DDoS?

In the past, hackers or botnet owners (called “bot herders”) used to create their own botnets with a command and control (C&C) server (Figure 1). The infected machines are also referred to as zombies because they robotically perform malicious actions. Bot herders often exploit a vulnerability in an application or website. They install malicious software such as a remote access trojan (RAT) to contaminate the device and take it under their control. They could also run phishing operations to deliver malware through email and break into the user’s device when the latter clicks on a spam message. The hackers then organize the devices into a computer bot network that serves their bidding in carrying out huge attacks. Together, the collective computing power of these bots could be equivalent to that of a supercomputer. With such an army of bots at their side, the attacker has more resources and can orchestrate attacks on a much larger scale than would be possible with just a single machine.

Figure 1: Botnet DDoS

Attackers use this botnet to launch distributed denial of service (DDoS) attacks to extort money from enterprises, to distribute spam emails that steal cash, to mine cryptocurrencies, to perform credential stuffing, and so on. Sometimes, the attackers use a botnet attack merely to distract the victim while they carry out a more sophisticated cybercrime. They might also lease their botnets.

DDoS as a service

Today, with the emergence of DDoS as a service (also referred to as booter services), attackers create botnets and rent them to others to commit DDoS attacks.
They can be rented even by novices with no experience, through web services that look like legitimate web applications. These services allow customers to register, choose a package for their DDoS attack based on their budget, attack vector or target profile, and place an order within a few clicks. Some of the services even have customer loyalty programs in place, like any other legitimate platform business. Not to mention, they market their services on platforms like YouTube. The rise of this industry on the dark web is a key factor in the growing innovation and competition among cybercriminals.

Botnet DDoS price

The price of DDoS as a service may depend on the target (for example, hackers could charge more for government institutions) and on the kind of protection the target organization has in place. The scenarios involved in the DDoS attack and the resources required to conduct it can also determine the cost. To give an idea, a DDoS attack lasting 10,800 seconds costs the client approximately $20 per hour. It is low-cost for the client but can be devastating for the target.

IoT botnet DDoS

Internet of things (IoT) devices have many benefits. Nowadays, with the increasing adoption of IoT devices, the new trend for hackers is to exploit and infect IoT-connected devices such as smart household appliances, IP cameras, baby monitors, connected cars and medical appliances. These devices present a huge opportunity for hackers, who exploit their weak security measures and bad password practices to incorporate them into their botnets. Security needs to be considered during IoT development.

Largest botnet DDoS attack: Mirai

Mirai, a self-propagating malware, was a burning topic back in 2016. Mirai botnets were used to launch a series of some of the biggest DDoS attacks ever seen, exceeding 1 Tbps. The first attack was against the French hosting provider OVH. Mirai was also used in an attack on the information security blog of the well-known journalist Brian Krebs. It also attacked the servers of the DNS provider Dyn, bringing down sites that depended on it, including Twitter and Netflix. These botnets tracked down, broke into and enslaved over 600,000 vulnerable IoT devices, such as CCTV cameras, all over the internet. Since this infamous incident, multiple hacking groups have reused mutated versions of the same code to run their own Mirai botnets.

However, there are some good botnets too. Researchers are allowed to create their own botnets of machines. One example is SETI@home, where “SETI” stands for Search for Extraterrestrial Intelligence. David Gedye came up with this project to use a collection of internet-connected computers to analyze radio telescope signals from outer space. This demonstrates how the power of a botnet can be harnessed for the good of humankind.

Nevertheless, you need to educate people to be more defensive and proactive by not opening untrustworthy emails or downloading from untrustworthy sites. Setting up a robust security system with a SaaS web application firewall that has anti-DDoS protection capabilities can prevent botnets from disrupting your network and save it from turning into a zombie.
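The anti-DDoS detection that a firewall performs on web traffic can be illustrated on a small scale. The following Python script is an added example, not code from the original article or from any product it mentions. It assumes standard Combined Log Format access log lines (Apache/nginx default), and it flags two patterns over a sliding time window: a single source sending far more requests than a normal client would, and the distributed case the article describes, where many different bot addresses each send only a few requests but repeat the same path and user agent. The sample log lines, the window length and the thresholds are constructed for the demonstration.

```python
"""Flag flood sources in web-server access logs (added example, constructed data)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined Log Format; the regex captures only the fields the detector needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FORMAT),
        "path": m["path"],
        "ua": m["ua"],
    }


def _records(lines):
    """Parsed records in chronological order (logs are not always sorted)."""
    return sorted(filter(None, map(parse_line, lines)), key=lambda r: r["ts"])


def flood_sources(lines, window_seconds=10, threshold=5):
    """Return {ip: peak_requests_in_window} for sources exceeding the threshold."""
    recent = defaultdict(deque)  # ip -> timestamps inside the current window
    peaks = {}
    for rec in _records(lines):
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while (rec["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > threshold:
            peaks[rec["ip"]] = max(peaks.get(rec["ip"], 0), len(q))
    return peaks


def coordinated_sources(lines, window_seconds=10, min_sources=5):
    """Return {(path, user_agent): peak_distinct_ips} for request patterns that
    many different sources repeat inside one window. Each source may stay under
    the per-IP threshold, which is what makes a distributed flood hard to spot."""
    recent = defaultdict(deque)  # (path, ua) -> (timestamp, ip) inside window
    peaks = {}
    for rec in _records(lines):
        key = (rec["path"], rec["ua"])
        q = recent[key]
        q.append((rec["ts"], rec["ip"]))
        while (rec["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        distinct = len({ip for _, ip in q})
        if distinct >= min_sources:
            peaks[key] = max(peaks.get(key, 0), distinct)
    return peaks


def _line(ip, second, path, ua):
    """Build a constructed Combined Log Format line; only the seconds vary."""
    ts = "10/Oct/2023:13:55:%02d +0000" % second
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'


# Constructed sample: one noisy source (documentation address 203.0.113.5),
# one normal client, and seven bots that each send a single identical request.
BOT_UA = "Mozilla/5.0 (compatible; ExampleBot)"
SAMPLE_LOG = (
    [_line("203.0.113.5", s, "/login", "curl/7.88") for s in range(8)]
    + [_line("198.51.100.1", 3, "/", "Mozilla/5.0"),
       _line("198.51.100.1", 40, "/", "Mozilla/5.0")]
    + [_line(f"192.0.2.{10 + i}", 20 + i, "/api/search", BOT_UA) for i in range(7)]
)

if __name__ == "__main__":
    print("per-source floods:", flood_sources(SAMPLE_LOG))
    print("coordinated patterns:", coordinated_sources(SAMPLE_LOG))
```

The per-IP check alone misses the seven bot addresses, since each sends one request; grouping by path and user agent exposes them as one coordinated pattern. In practice the thresholds are tuned against a baseline of normal traffic, and the flagged sources or patterns feed a rate limit or block rule rather than being acted on by hand.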