DDoS attacks, as well as the botnets that make them possible, are among the Internet’s most powerful weapons. What’s more, anyone can buy a botnet and wreak havoc with just a few clicks. All they need to do it successfully is a few dozen dollars and some safety precautions.
For instance, Mirai, one of the biggest and most (in)famous botnets ever, was the work of three college students trying to breach Minecraft servers. However, the 2016 attack it powered ended up becoming the largest of its kind to date, generating over 1 terabit per second of attack traffic and infecting over 600,000 IoT devices.
If you’d like to avoid becoming part of a botnet or being attacked by one, adequate protection and preparation are a must. First and foremost, you should learn how botnets and DDoS attacks work.
What is a Botnet?
As its name suggests, a botnet is a network of bots, i.e., devices that have been hijacked using some sort of malware. Hackers use them in a number of malicious ways — from DDoS attacks and click generation to data theft and spamming, but they typically combine attack strategies.
Every botnet has three major components. For starters, nothing would be possible without the bot herders, the masterminds of the operation.
Then, there are the command-and-control (C&C) servers or devices that allow the herder to communicate with the bots. They do so from a remote location, trying their best to hide their identity. In addition, there are multiple communication protocols hackers can choose from: old-school IRC, Telnet, domain-based channels, peer-to-peer, social media, etc.
Lastly, a botnet would be nothing without its ‘army of zombie computers.’ Any IoT device can easily become a bot without the users’ knowledge or approval, no matter if it’s a smartphone or a simple baby monitor.
Botnets and DDoS Attacks
When it comes to DDoS attacks, the main purpose of botnets is to direct massive amounts of traffic at a server and eventually take it down. Downtime causes businesses to lose precious time and money. Consequently, it damages their reputation and breaks the trust of many thousands of their customers.
According to a 2018 report from International Data Group, the average downtime per attack is 7 to 12 hours, which amounts to a whopping $2.3 to $4 million in costs per attack. The motivation behind most DDoS botnet attacks is competitive advantage, sheer rage and vandalism, or money (in the case of ransomware).
With Network or Layer 3 DDoS attacks, bots swamp the target server with traffic, consuming its bandwidth and overwhelming it with requests. Layer 7 attacks, or application layer attacks, use the same strategy. However, their main targets are weak applications and operating systems.
Each year, DDoS attacks are becoming more common, as well as more sophisticated, making botnets harder to track and eradicate than ever. What’s more, anyone can buy or rent a botnet, sometimes for less than $10 per hour. There are also botnet kits for hire, which we call booters/stressers, and they are becoming increasingly popular.
Means of Botnet Control
The two main models of botnet control are client-server and peer-to-peer.
Before peer-to-peer networks came to be, hackers used the traditional client-server method, in which a single central server controls the resources and data. In the meantime, new and more resilient ways of controlling bots have emerged.
One such way is peer-to-peer (P2P) networking. Its main advantage is that it doesn’t rely on a centralized server. Instead, a network of peers or nodes controls all the resources. This model significantly lowers the risk of disruption or failure, as the remaining peers keep the network running if one node gets taken down. These P2P networks are often encrypted, which makes them even harder to detect and defeat. Most modern botnets utilize this type of network.
History’s Most Notorious Botnets
Although we don’t know the exact figures, the number and size of botnets have been on the rise for a while, with today’s botnets having millions of minions in their armies. In light of that, let’s explore the biggest and most memorable botnets that have ever existed.
Earthlink Spammer (2000)
The Earthlink Spammer was the first-ever botnet. It sent out millions of malicious, but seemingly legitimate emails, with the intention of phishing, i.e., stealing sensitive data from the receiver. Upon clicking the link from the email, the virus would instantly be downloaded on their computer, after which it would send the info back to the sender.
Srizbi
Srizbi was a trojan-based botnet that consisted of over 450,000 infected Microsoft Windows devices. At the time, it was the largest botnet ever, topping the infamous Storm botnet.
Srizbi was responsible for half the spam that was sent out that year, distributing over 60 trillion threats every day, including spam emails advertising watches, pens, and penis enlargement pills. At one point, Srizbi was even sending out political spam promoting the U.S. presidential candidate Ron Paul’s campaign, though it’s still unclear why to this day.
ZeuS
ZeuS was a popular trojan malware about 10 years ago, allowing the hacker to perform all kinds of criminal activities, most commonly stealing banking information. Before the arrest of suspects linked with ZeuS, it managed to infect over 3.6 million devices and compromise over 70,000 accounts on numerous websites, such as Bank of America, NASA, Amazon, ABC, etc.
However, less than a decade later, ZeuS emerged once again, this time as an encrypted peer-to-peer network called GameOver Zeus. It was taken down in 2014, but its maker, Evgeny Bogachev, is still on the FBI’s most-wanted list.
Emotet
Emotet was not just a botnet, but also a major international cybercrime operation. Like many others, it used a banking trojan, distributing it via innocent-looking email attachments, such as Microsoft Word documents.
However, Emotet was much more than that. It evolved to become the go-to Malware-as-a-Service (MaaS) solution for top-level cybercriminal groups, aiding ransomware operations like Ryuk. The 2021 Emotet crackdown was the result of a collaborative effort between more than eight countries, including Germany, Ukraine, and the U.S.
Mirai (2016-present day)
Of course, no list would be complete without the legendary Mirai botnet and malware. With millions of bots at its disposal, it’s today’s most widespread botnet. It primarily targets IoT devices (e.g., smoke detectors, thermostats, smart speakers, and other gadgets), exploiting their weak or non-existent passwords.
As we mentioned in the beginning, the masterminds behind Mirai were a few college students looking to attack Minecraft servers, but it went on to become much more. In fact, it was responsible for some of the most impactful DDoS attacks in recent history. For instance, Mirai was behind the 2016 attack on DNS provider Dyn, the biggest DDoS attack ever recorded. Because of the attack, thousands of popular websites were down for the day, including Twitter, Reddit, Netflix, and CNN.
After the attack, the creators cleverly decided to release the Mirai source code on GitHub to hide their identities. Unsurprisingly, the code was downloaded and reused thousands of times and in various malware projects. Therefore, the full scope of Mirai’s impact is unfathomable. Although the authors were supposedly caught, Mirai continues to be one of the biggest cyber threats today.
How to Stay Away from Botnets and DDoS Attacks?
Unfortunately, most users aren’t even aware that their device is part of a vicious botnet. New technology has enabled hackers to be as discreet and quick as possible, all the while causing millions of dollars in damage to online businesses. DDoS attacks are quite hard to detect, and many of them go unnoticed until hours later. Even then, sometimes it’s hard to differentiate a hacker attack from a bug or malfunction.
If you notice strange activity and can’t pinpoint the cause, it may be time to suspect an attack. For instance, clients or employees might report that your website is sluggish or down altogether. Also, when analyzing your logs, you might notice drastic spikes in the website’s traffic. After carefully analyzing and eliminating every other potential source, you might be able to figure it out. Still, at that point, hours will have passed and the damage will have already been done.
The best thing to do is to come up with multiple preventative solutions and implement all of them. For example, it’s not enough to install anti-malware software and call it quits. You should also consider setting up a few additional servers, increasing the bandwidth, and purchasing some top-notch tools to help you monitor your resources and activity. In short, you should make sure that there are no weak points in the security system.
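The log analysis described above can be automated. The following script is an added example written for this article, not code from the original post or from any of the botnets it describes. It parses web server access-log lines in the common Apache/Nginx "combined" format, buckets requests into fixed 10-second windows, and flags any window whose request count exceeds a multiple of the median window count, reporting the top source addresses so an analyst can tell a single abusive client from a distributed flood. The log lines, the 10-second window, the 5x factor and the 20-request floor are all constructed assumptions for illustration; tune them to your own baseline.

```python
"""Flag request-rate spikes in web server access logs (added example)."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
import re
import statistics

# Apache/Nginx combined log format: ip - - [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, datetime, request) or None for lines that don't match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return m.group("ip"), ts, m.group("req")


def bucket_requests(lines, window_seconds=10):
    """Group parsed lines into fixed windows: {window_start_epoch: Counter(ip)}."""
    windows = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than abort the whole run
        ip, ts, _ = parsed
        epoch = int(ts.timestamp())
        windows[epoch - (epoch % window_seconds)][ip] += 1
    return windows


def find_spikes(lines, window_seconds=10, factor=5.0, min_requests=20):
    """Return [(window_start, total_requests, top_ips)] for windows whose
    request count exceeds factor * median window count and min_requests.
    The median is used as the baseline so a single flood window does not
    drag the "normal" rate up with it."""
    windows = bucket_requests(lines, window_seconds)
    if not windows:
        return []
    totals = {w: sum(c.values()) for w, c in windows.items()}
    baseline = statistics.median(totals.values())
    spikes = []
    for w in sorted(windows):
        total = totals[w]
        if total >= min_requests and total > factor * baseline:
            spikes.append((w, total, windows[w].most_common(3)))
    return spikes


def make_sample_log():
    """Constructed sample (assumption, not real traffic): five quiet 10-second
    windows of 3 requests each, then one window with 60 requests spread
    across six addresses in the 203.0.113.0/24 documentation range."""
    base = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)

    def fmt(ip, seconds, path):
        ts = (base + timedelta(seconds=seconds)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

    lines = []
    for w in range(5):                       # quiet windows, seconds 0-49
        for k in range(3):
            lines.append(fmt(f"198.51.100.{k + 1}", w * 10 + k * 3, "/index.html"))
    for k in range(60):                      # flood in the window at seconds 50-59
        lines.append(fmt(f"203.0.113.{k % 6 + 1}", 50 + (k % 10), "/login"))
    return lines


if __name__ == "__main__":
    for start, total, top in find_spikes(make_sample_log()):
        when = datetime.fromtimestamp(start, tz=timezone.utc).isoformat()
        print(f"spike at {when}: {total} requests, top sources {top}")
```

On a real server the same functions can be fed `open("/var/log/nginx/access.log")` directly; comparing the flagged window's top sources against the total count is what distinguishes one misbehaving client (rate-limit it) from a botnet flood (upstream filtering is needed).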
All in all, botnets have been and continue to be huge threats to our increasingly digitized society. More importantly, they were a crucial element in some of the most devastating DDoS attacks in history. Given that they’re only becoming more popular, you should adopt strict security practices before a DDoS attack happens to you and causes major setbacks to your business.
Even if you’re extra cautious, a DDoS attack can still happen to you. In that case, your best bet is to be well-organized and prepared. Coming up with a thorough response plan beforehand will most certainly help you mitigate the botnet attack and its consequences in the shortest amount of time possible.