A botnet is a group of computers or other internet-connected devices controlled by a malicious user. Botnets have become a major cybersecurity concern over the past few years. In this article, we will look at the types of attacks botnets are commonly used for and how to protect against them. If you are not sure what exactly a botnet is and what models/architectures botnets use, check out the previous blog on botnets here.
Botnet attack types
Botnets can be used for various types of attacks but are most commonly used in attack strategies that require traffic volume, since a botnet is made up of tens of thousands of zombie computers.
Denial of Service Attacks
A DDoS attack is the most common use of botnets. The botnet attacks a network or computer system to obstruct service: it consumes the victim network's bandwidth, causing loss of connectivity, and overloads the victim system's resources by sending more requests than the system can handle, so that genuine requests are pushed to the end of the request-processing queue. Many game servers are constantly under attack, and DDoS attacks on individual players are becoming increasingly common.
Botnet attacks are also sometimes used to damage or take down a competitor's website, or for petty revenge against organizations. When a user tries to access a website, the browser sends a request to the host server and waits for a short time. If no response arrives, the browser displays an error message saying that the page is not available or that the request timed out. This message says nothing about the actual cause, so you may not even realise that your own network or the website's server is under a DDoS attack.
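The DDoS symptoms described above are easiest to recognise from the server side, in the access logs, before users start seeing timeouts. The following is an added example (not code from the original article) of a rate-based flood detector: it parses a few constructed Apache/nginx "combined"-format log lines, buckets requests into fixed time windows, and flags both a single noisy source and the harder distributed case where every address stays under the per-IP limit but the window as a whole exceeds what the server can serve. The window size, thresholds, sample addresses (RFC 5737 documentation ranges) and log lines are all assumptions constructed for the example.

```python
"""Rate-based request-flood detection over web-server access logs.

Added example; not code from the original article. Window size, thresholds
and the sample log are illustrative assumptions.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined log format: ip ident user [timestamp] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, datetime, request) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("req")


def analyze(lines, window_s=10, per_ip_limit=20, total_limit=100):
    """Bucket requests into window_s-second windows and flag floods.

    Returns {"noisy_ips": [...],
             "flooded_windows": [(window_start_epoch, total_requests, distinct_ips), ...]}
    """
    per_window = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of crashing the detector
        ip, ts, _ = parsed
        per_window[int(ts.timestamp()) // window_s][ip] += 1

    noisy_ips = set()
    flooded_windows = []
    for bucket in sorted(per_window):
        counts = per_window[bucket]
        # Simple flood: one address above the per-IP rate.
        noisy_ips.update(ip for ip, n in counts.items() if n > per_ip_limit)
        # Distributed flood: the window as a whole exceeds server capacity,
        # whether or not any single address stood out.
        total = sum(counts.values())
        if total > total_limit:
            flooded_windows.append((bucket * window_s, total, len(counts)))
    return {"noisy_ips": sorted(noisy_ips), "flooded_windows": flooded_windows}


def make_sample_log():
    """Constructed sample log (RFC 5737 documentation addresses, not real traffic)."""
    tmpl = '{ip} - - [10/Oct/2023:13:55:{sec:02d} +0000] "GET /login HTTP/1.1" 200 512'
    lines = []
    # 25 requests within seconds 00-09 from one address: trips the per-IP limit.
    for i in range(25):
        lines.append(tmpl.format(ip="203.0.113.7", sec=i % 10))
    # 120 addresses sending one request each within seconds 10-19: no address is
    # noisy on its own, but the window as a whole exceeds the assumed capacity.
    for i in range(120):
        lines.append(tmpl.format(ip=f"198.51.100.{i}", sec=10 + i % 10))
    return lines


if __name__ == "__main__":
    report = analyze(make_sample_log())
    print("noisy sources:", report["noisy_ips"])
    for start, total, distinct in report["flooded_windows"]:
        print(f"window starting at {start}: {total} requests from {distinct} addresses")
```

Per-IP rate limiting alone would miss the second window entirely, which is the point of the distributed variant: the aggregate rate and the count of distinct sources per window are the signals worth alerting on, and the same counters can feed an upstream filter or scrubbing service once a flood is confirmed.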
Spamming and traffic monitoring
Botnets are used to harvest email addresses and to send massive volumes of spam or phishing emails. Phishing emails pretend to come from a legitimate company and usually contain a link to a cloned copy of that company's login page, which is actually controlled by the attacker. When a user falls for this and enters their details on that page, the credentials are sent straight to the attacker's device. Phishing is now commonly executed through botnets because they give the malicious user anonymity; for spam, botnets are preferred because of the sheer volume they can send.
Besides spam, bots also look for login credentials and other sensitive data by acting as packet sniffers, finding and intercepting sensitive data that passes through an infected machine. Bot herders use this confidential information for personal gain and other malicious ends.
If the compromised machine uses encrypted communication channels (e.g. HTTPS or POP3S), then merely sniffing the network packets on the victim's computer won't let the bots harvest anything substantial, since the key needed to decrypt the packets is missing.
Hackers have adapted to this by installing a keylogger program on infected machines, which makes it easy for the bot owner to retrieve sensitive data. The keylogger can include a filtering mechanism that records only the key sequences typed near specific keywords, such as Gmail. The scale of this is daunting when you consider that there are probably thousands of compromised devices with such a keylogger running on them.
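The phishing emails described above rely on the visible link looking like the real company's address while the underlying href points at the cloned page. The following is an added example (not code from the original article) of a mail-filter check that walks the anchors in an HTML message body and flags a link when the host named in the visible text does not match the href's host, or when the href host uses a punycode (xn--) label, a common lookalike trick. The sample message, its domains (under the reserved .invalid TLD) and the simplified "last two DNS labels" rule for the registrable domain are all assumptions constructed for the example.

```python
"""Flag deceptive links in an HTML email body.

Added example; not code from the original article. The sample message and
domains are constructed, and the registrable-domain rule is a simplification
(last two labels) that ignores multi-part suffixes such as co.uk.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Something that looks like a host name (optionally with a scheme) in link text.
HOST_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


def registrable(host):
    """Assumed rule: registrable domain = last two DNS labels."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())  # normalise whitespace
            self.anchors.append((self._href, text))
            self._href = None


def suspicious_links(html):
    """Return [(href, text, [reasons])] for anchors that look deceptive."""
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.anchors:
        host = (urlparse(href).hostname or "").lower()
        reasons = []
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("punycode (IDN) host")
        m = HOST_IN_TEXT.search(text)
        if m and registrable(m.group(1)) != registrable(host):
            reasons.append(f"text names {m.group(1)} but href goes to {host}")
        if reasons:
            findings.append((href, text, reasons))
    return findings


# Constructed sample: one deceptive link, one legitimate link, one IDN lookalike.
SAMPLE_EMAIL = """
<p>Dear customer, your account is on hold. Please
<a href="http://login.example-bank.verify-account.invalid/">log in at https://www.example-bank.com</a>
within 24 hours.</p>
<p>Questions? Visit <a href="https://www.example-bank.com/help">our help page</a>.</p>
<p><a href="http://xn--exmple-bank-9yb.invalid/login">Secure portal</a></p>
"""

if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}: {'; '.join(reasons)}")
```

The check is deliberately conservative: a link whose visible text is plain words ("our help page") is not judged at all, because the deception the article describes is specifically a visible address that disagrees with the real destination. A production filter would add a proper public-suffix list and brand-name lookalike matching, but the mismatch between displayed and actual host is the signal that catches the cloned-login-page pattern.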
A pay-per-click system is one where advertisers are charged a small amount each time someone clicks on their advertisement on a web page, or each time the advertisement is loaded into a browser. This system is open to abuse, and botnets can be used for financial gain by automating clicks. It is impossible to tell whether a user clicked on the link genuinely, to learn more about the advert, or was tricked into clicking it. The IP address cannot be used to tell them apart either, because the activity log shows a different address for every event. So in click fraud, a zombie army is used to simulate thousands of visitors to a page in order to artificially inflate an advertisement's click counter.
Another major use is to spread new bots within the network. This is achieved very easily by tricking the user into downloading and executing a file via FTP, HTTP or email.
Protection against botnets
Update your software
Fortunately, most OS and browser vendors are aware of the menace of bots and constantly close security weaknesses by providing security updates and patches. So make sure you keep your software and operating system up to date.
Be wary of emails from suspicious or unknown sources
Bots often use contact lists to compose and send spam and infected emails. Don't download files attached to suspicious emails from people you don't know. If a known person sends an unusual attachment or link, confirm the authenticity of the email before opening or downloading anything.
Download torrents and PDFs with caution
Botnets use P2P networks and file-sharing services to infect computers. Scan any download before executing it: free online PDFs may be infected and can slip a Trojan onto your computer. Find safer alternatives for transferring files, and never download files that don't have recognizable file extensions.
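Both the spreading-new-bots section (a user tricked into downloading and executing a file) and the advice above about scanning downloads and distrusting unrecognizable extensions come down to one question: does the file's content match what its name claims? The following is an added example (not code from the original article) of a download check that reads a file's leading bytes, compares the detected format with the claimed extension, and flags double extensions such as invoice.pdf.exe. The signature table covers only a few well-known formats, the verdict policy is an assumption, and the sample files are constructed in a temporary directory.

```python
"""Check that a downloaded file's content matches its claimed extension.

Added example; not code from the original article. The signature table is
not exhaustive, the verdict policy is an assumption, and the sample files
are constructed for the demonstration.
"""
import os
import tempfile

# Leading bytes ("magic numbers") of a few common formats.
MAGIC = {
    b"%PDF-": "pdf",
    b"MZ": "exe",            # Windows PE/DOS executable header
    b"\x7fELF": "elf",       # Linux executable/shared object
    b"PK\x03\x04": "zip",    # also docx/xlsx/pptx/jar containers
    b"\x89PNG\r\n\x1a\n": "png",
}
EXECUTABLE_TYPES = {"exe", "elf"}
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "ps1", "vbs", "js", "jar", "elf", "sh"}
ZIP_BASED = {"zip", "docx", "xlsx", "pptx", "jar"}


def detect_type(path):
    """Return the format implied by the file's first bytes, or 'unknown'."""
    with open(path, "rb") as f:
        head = f.read(16)
    for sig, kind in MAGIC.items():
        if head.startswith(sig):
            return kind
    return "unknown"


def assess(path):
    """Return (verdict, reasons); verdict is 'ok', 'warn' or 'block'."""
    exts = os.path.basename(path).lower().split(".")[1:]
    claimed = exts[-1] if exts else ""
    actual = detect_type(path)
    reasons = []
    if not exts:
        reasons.append("no file extension")
    if len(exts) >= 2 and claimed in EXECUTABLE_EXTS:
        reasons.append(f"double extension .{'.'.join(exts)} hides an executable")
    disguised = actual in EXECUTABLE_TYPES and claimed not in EXECUTABLE_EXTS
    if disguised:
        reasons.append(f"content is {actual} but name claims .{claimed or '(none)'}")
    mismatch = (actual != "unknown" and actual != claimed
                and not (actual == "zip" and claimed in ZIP_BASED))
    if mismatch and not disguised:
        reasons.append(f"content is {actual} but name claims .{claimed}")
    if disguised or (len(exts) >= 2 and claimed in EXECUTABLE_EXTS):
        verdict = "block"
    elif mismatch or not exts:
        verdict = "warn"
    else:
        verdict = "ok"
    return verdict, reasons


# Constructed sample files; only the leading bytes matter for the check.
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n% constructed sample\n",
    "invoice.pdf.exe": b"MZ\x90\x00" + b"\x00" * 60,   # double extension
    "photo.png": b"MZ\x90\x00" + b"\x00" * 60,         # executable disguised as image
    "slides.docx": b"PK\x03\x04" + b"\x00" * 26,       # zip container, legitimate
    "notes": b"plain text without an extension\n",
}


def run_demo():
    """Write the samples to a temp dir and return {name: (verdict, reasons)}."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, content in SAMPLES.items():
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(content)
            results[name] = assess(p)
    return results


if __name__ == "__main__":
    for name, (verdict, reasons) in run_demo().items():
        print(f"{name:18} {verdict:5} {'; '.join(reasons)}")
```

A check like this belongs in the download path (mail gateway, proxy or endpoint agent) rather than in the user's hands: the whole trick of the dropper is that the file looks like a PDF or document in the file manager, so the decision has to be made on the bytes, not on the icon.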
Enable Firewall and Antivirus
Botnets sneak into all types of devices, so look for an antivirus that protects all your devices, not just your computer. Operating systems usually include a free integrated firewall and antivirus that are aimed at keeping your computer free of Trojans and zombie control programs. Don't turn them off just to download some free and attractive piece of software off the internet, as you could be inviting trojans and malware onto your device.
With the range and number of botnet infections increasing, it is important that every organization monitors its network periodically in order to prevent bot attacks. Individual users also need to become part of the solution if they want to keep accessing their favourite websites and playing online games.