What is a botnet?

What is a botnet and how does it work?

A botnet (short for “robot network”) is a large collection of infected devices (called “zombies”) that take commands from a hacker. When your computer, tablet, router, or smartphone is contaminated with certain malware, it can spread it to other devices, making the botnet even larger. Most of the time users have no idea that something is wrong with their operating system, as all malicious activities take place behind the scenes.

Hackers use botnets to maximize their criminal efforts and carry out as many malicious actions as they can. One hacker relying on one device has a limited ability to cause damage and make money. But if they have a network of bots, they can conduct attacks on a much larger scale.

Wrongdoers searching for system vulnerabilities and creating botnets are called “bot herders”. Criminals sometimes rent out their “herds” to other hackers, so maintaining and expanding them can pay off even if they don’t launch attacks themselves.

Types of botnets

• Client-server model. In this model, a network is established and operated by one server acting as a botmaster. The attacker orchestrates all operations and maintains communication with infected devices. Each bot connects to the control center to receive instructions and execute new commands. However, a botmaster can be easily detected and their server shut down.

• Peer-to-peer model. This type of botnet is decentralized, meaning that there’s no central server responsible for the operations. Each bot can act as both the command and control center and the client. Even if you manage to stop some bots, it has no effect on overall operations. Peer-to-peer botnets are much more difficult to fight, and it can be hard to find the attacker who’s hiding behind them.

Common botnet attacks

Distributed denial-of-service (DDoS) attacks

Hackers target a specific website, server, or network and send in their bot army. The bots clog the network with traffic, causing services to crash and denying access to genuine users. There are a number of reasons perpetrators conduct DDoS attacks:

• Disrupting the services of business rivals.
• Sabotaging political campaigns.
• Seeking revenge.
• Hacktivism (promoting a political agenda or social change).
• Cyberwars between countries.
• For financial gain.

In 2020, multiple banks and financial institutions in Australia received emails threatening to carry out DDoS attacks unless they paid a ransom. These types of threats became common for many large organizations which relied on the internet. If a DDoS attack took down their website or application, every minute could cost millions of dollars in lost revenue.

Phishing attacks

Hackers use phishing emails to conduct ransomware attacks, spread spam, steal your personal information, or even add your device to their bot army.

Cybersecurity experts say that more than 3 billion fake emails are being sent daily, which couldn’t be possible without botnets.

Brute force attacks

Hackers use botnets to conduct brute force attacks, allowing them to break into private networks. Botnets can try combinations of commonly used passwords and report the results to the control center.

Related articles

Attacks & breaches What cryptojacking is and how to prevent it

Apr 07, 2020

·

4 min read

Attacks & breaches What is a whaling attack and how do you prevent it?

May 14, 2020

·

3 min read

How to tell if your computer is a part of a botnet

Sometimes it can be really hard to notice if your computer had been turned into a “zombie”. However, if you’re experiencing any of these signs, your should be on your guard:

• Your device becomes slower and crashes more than usual.
• Suspicious emails are being sent to your contact list.
• Your computer takes longer to shut down, or you have trouble turning it off.
• You can’t download any new system updates.
• The internet connection becomes slower.
• You notice suspicious programs running on your device that you don’t remember installing.

5 ways to combat malware infections

1. Update your software regularly. Hackers are always looking for software vulnerabilities to infect the networks and connected devices. By updating your operating system and apps on time, you’re mitigating the risk of becoming a victim.
2. Don’t click on suspicious links. Since phishing is commonly used to spread malware and turn your computer into a “zombie”, we recommend thoroughly examining every link you get. Hackers can impersonate government organizations and well-known companies to trick you into believing their legitimacy.
3. Use Threat Protection. It neutralizes cyber threats before they can do any real damage to your device. It also helps you identify malware-ridden files, stops you from landing on malicious websites, and blocks trackers and intrusive ads on the spot.
4. Practice password hygiene. Don’t use the same password for all your accounts. Make sure to change any default passwords on your router and IoT devices (smart printer, home security system, etc.). A good password contains upper- and lower-case letters, along with numbers and specials symbols. Consider using a password manager like NordPass to enhance protection across all your accounts.
5. Use a VPN. A virtual private network (VPN) encrypts your internet traffic, so nobody can see what you do online. Perpetrators often use unsecured routers to infect connected devices with malware, either through fake Wi-Fi hotspots or by directly targeting your home network. With one NordVPN account, you can protect up to six devices, including your router, and lower the risk of being added to a botnet.

Take cybersecurity into your own hands with a VPN. Try NordVPN free for 30-days.