The criminal masterminds behind evil robotic networks are the stuff of fiction, right? Not quite. Robotic networks or botnets are a huge problem in cybersecurity and cause massive losses to the victims. Botnets are used for a variety of purposes and businesses must face up to the risk posed by botnets. In this article we discuss some examples of botnets, what harm they cause and what your company can do to stay safe.
What are botnets, why do they exist, and what do they do?
A botnet is a collection of computing devices, ranging from relatively simple units such as IoT devices through to powerful computer servers. Groups of these devices are connected by networking software that harnesses the connectivity and computing power of hundreds, thousands or millions of these devices to achieve a computing goal. Some uses for botnets include:
Botnets dedicated to DDoS attacks don’t need much computing power, but instead rely on the network capacity these devices have access to. This collective network capacity is used to inundate other networks and computers, effectively forcing the services they are supposed to run offline.
This constitutes a distributed denial-of-service attack, and a botnet is central to any DDoS attack because of its distributed nature. Botnets may be based on hardware owned by criminal networks, or may consist of hijacked devices that are illegally drawn into a botnet for the purpose of launching DDoS attacks.
Mining bitcoin and other cryptocurrencies requires increasing amounts of computing power, making it difficult to mine cryptocurrency profitably. While cryptocurrency was in its infancy, a single computer could be used to mine currencies profitably. Now it’s rather difficult to do so without deploying powerful, energy-hungry computers that are expensive to run.
Criminals have therefore started to hijack powerful computers, including application servers, to turn these machines into mining botnets without the permission of their owners. With a botnet of powerful computers and no resulting energy bills, a criminal network can easily mine very valuable cryptocurrency.
Bulk mail defenses have made it more difficult for spam email to enter users’ inboxes. In turn, spammers have turned to large networks of email servers sending billions of emails, or email botnets. By sending such vast amounts of emails these networks manage to get a few emails past spam defenses.
Whether the goal is to sneak malware on to a computer, to phish for passwords or to simply convince the recipient to sign up to a service, the massive reach of spam botnets can be incredibly lucrative, with many of these networks operating on hijacked devices in the same manner as crypto mining botnets.
The damage botnets cause
We have outlined the different botnets enterprises should be aware of, but it’s more important to understand why these botnets can be so damaging, as this is what motivates companies to seek protection.
Damage due to attacks
A DDoS attack that is run by a botnet – whether owned by the attacker, rented by a third party or hosted on hijacked computers – can easily take down your company’s network services, making it impossible to serve bona fide customers. An online store that is down, for example, will simply mean a big chunk of lost revenue. There is also reputational damage to contend with.
Loss of a hijacked asset
No matter what the purpose of a botnet, if a botnet is hosted on your computing equipment you stand to lose the use of the underlying equipment. The performance of the application you host on that equipment will suffer. You will also be on the hook for the energy bills associated with the illegal use of your IT asset, while at the same time risking fallout from the illegal activities that are conducted from your equipment.
How your business can acquire protection
All is not lost with botnets. Yes, your business is vulnerable in many ways but thankfully botnets can be guarded against. You need a multi-pronged strategy, however. First, you need to follow standard network and IT security practices to prevent your equipment from falling into a hijacked state. Guard against malware and ensure that your network and its devices cannot be captured by a botnet.
Next, ensure that your networks cannot fall victim to an external botnet. Acquiring third-party protection is key here because botnet attacks can be incredibly powerful. Public-facing services in particular need the protection of a provider that can mitigate DDoS botnet attacks that generate hundreds of Gbps.
To protect against the dangers of botnet hijacking, DDoS botnet attacks and more, your business must consider involving a security provider that has broad expertise in botnets and the way these networks function. Your security provider can stop DDoS in its tracks and help you to understand where the vulnerabilities for botnet hijacking lie.