What is a Botnet Attack?
Date: 24 August 2021
A botnet is a cluster of machines infected with malware that allows hackers or malicious actors to control them. Cyber criminals are then able to use these botnets to unleash a string of attacks, of which Distributed Denial of Service (DDoS) attacks are the most common. Botnet attacks can also be used for credential leaks, data theft and unauthorized access.
The progress that technology has made has opened up a wide world of opportunities for consumers and businesses alike. Unfortunately, it provides the same level of opportunity for malicious parties and threat actors, leading to what can only be described as an arms race between nefarious entities and cybersecurity specialists.
One of the more well-known weapons of these nefarious actors is the Botnet.
Botnets can be deployed to create a large-scale assault on a server (or servers) in order to deny access to legitimate users. And, as with any blight or menace, the first step towards defending yourself against such a problem is understanding that problem fully.
What is a Botnet?
A botnet is essentially a vast array of infected computers that can be put to malicious work by a remote party. In other words, if you do not practice adequate safety and install the necessary security measures on your computer network, it could be part of a botnet without you even knowing!
Systems that are part of a botnet may not exhibit any unusual behavior. At least, nothing the user of that system would be able to detect without up-to-date anti-virus software. But they would be just as dangerous to the intended target of the botnet when it’s time for an attack.
What’s worse is that a machine that has been compromised is not immune from being compromised by a different botnet at the same time. Indeed, the very fact that the system was compromised in the first place makes it more likely to happen again. Your infected devices could end up playing a role in several botnet attacks without you ever knowing.
What is a Botnet Attack?
The term “botnet attack” stems from the fact that a botnet is used to perpetrate the attack, but what is actually happening is known as a DDoS—or Distributed Denial of Service—attack.
In the simplest sense, a DDoS attack denies legitimate users access to a networked service by flooding it with requests for access, to the point that it can no longer manage the number of users attempting to access it.
This kind of attack is time sensitive, as it is the flood of connection requests, all at once, that makes it difficult for the servers to handle it. And, even in the event that a system can handle the attack, it may still dramatically degrade the service being offered, as service providers have to factor in the economic realities of their situation. In other words, they can’t spend a small fortune preparing for volumes of traffic they are never really likely to see. Unfortunately, this is what makes them susceptible to DDoS attacks.
Why a Botnet?
A botnet attack is a distributed cyber attack, but there is also the simpler DoS, or Denial of Service, attack. This type of attack can be sent from a single location, even a single system. The problem with this kind of attack, at least from the perspective of the attackers, is that it is easy to shut down.
Once it becomes clear that the flood of connection requests is coming from the same place, it can be blocked.
By distributing the requests, so that the flood is coming from thousands, even tens of thousands, of sources, the attackers make it essentially impossible to block the sources. Further compounding the defender's problem is the fact that the sources are mostly innocent users who might not even know their system has been compromised, which raises questions about merely blocking them.
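To make this concrete, here is an added example (not code from the original article) that runs two simple detectors over constructed access-log lines: a per-source threshold, which is what blocking "the same place" amounts to, and an aggregate capacity threshold. The log format, IP addresses and limits are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

def make_lines(minute: str, sources: List[str], per_source: int) -> List[str]:
    """Construct per_source requests from each source IP inside one clock minute.
    Format (assumed): ISO timestamp, source IP, request line."""
    lines = []
    for n, ip in enumerate(sources):
        for k in range(per_source):
            sec = (n + k) % 60
            lines.append(f"2021-08-24T10:{minute}:{sec:02d}Z {ip} GET /login HTTP/1.1")
    return lines

# Constructed sample traffic (documentation address ranges, not real hosts):
NORMAL = make_lines("00", [f"192.0.2.{i}" for i in range(1, 31)], 10)                # 300 req/min, 30 users
SINGLE_SOURCE_DOS = make_lines("01", ["203.0.113.7"], 3000)                          # 3000 req/min, one IP
DISTRIBUTED_DDOS = make_lines("02", [f"198.51.100.{i}" for i in range(1, 251)], 12)  # 3000 req/min, 250 IPs

def parse(line: str) -> Tuple[str, str]:
    """Return (minute bucket, source IP) for one log line."""
    ts, ip, *_ = line.split()
    return ts[:16], ip  # "2021-08-24T10:00" -> one-minute bucket

def analyze(lines: List[str], per_source_limit: int = 100,
            aggregate_limit: int = 1000) -> Dict[str, dict]:
    """Per minute: which sources exceed the per-IP limit (and could simply be
    blocked), and whether total volume exceeds the capacity the service was
    provisioned for."""
    per_minute: Dict[str, Counter] = defaultdict(Counter)
    for line in lines:
        minute, ip = parse(line)
        per_minute[minute][ip] += 1
    report = {}
    for minute, counts in sorted(per_minute.items()):
        total = sum(counts.values())
        report[minute] = {
            "total": total,
            "blockable_sources": sorted(ip for ip, n in counts.items() if n > per_source_limit),
            "capacity_exceeded": total > aggregate_limit,
        }
    return report

if __name__ == "__main__":
    for minute, r in analyze(NORMAL + SINGLE_SOURCE_DOS + DISTRIBUTED_DDOS).items():
        print(minute, r)
```

The 10:01 minute is caught by both checks and has an obvious single address to block; the 10:02 minute carries the same 3000 requests, yet no single source crosses the per-IP limit, so only the capacity check fires and there is nothing clean to block.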
Why Do These Attacks Exist?
There are several reasons why one might perpetrate such an attack, but all of them are malicious. One might do it for ideological reasons, for example, or even revenge. It has also been the case that people in control of large botnets have sent “ransom notes” to their intended victims, demanding payment in exchange for not attacking their servers.
White Hat Botnets
As with most forms of malicious cybersecurity attacks, there are good guys working with these tools. This means there are a number of botnets for hire, which will point their botnet at your servers for an agreed time and volume for the purpose of testing your servers' ability to handle these attacks.
These services often refer to themselves as stressers, or booters, and come with a range of tools for monitoring and analyzing the results. Of course, there is nothing to stop them from renting these services out to people who are not as well-intentioned, but that doesn’t mean they can’t be useful services to system administrators as well.
Protecting Your System From Becoming Part of a Botnet
If you have a computer, server, or even a smartphone or tablet, you could unwittingly become part of a botnet. Fortunately, it’s easy to stay safe, and much of what you need to do is what should be considered standard online safety.
Keeping your devices' operating systems up to date, exercising common sense about where you go online and what you click on, and using decent anti-virus software to keep your devices free of malicious software should be enough for the vast majority of users.
Protecting Your Servers From a Botnet Attack
For most entities, the most cost-effective solution to detect and absorb botnet attacks is to make use of a cloud service built for that very purpose.
These services work by providing vast amounts of additional bandwidth that your traffic can be routed through during times of heavy traffic—such as a DDoS attack. Essentially, if you think of a botnet attack as too many people trying to get through a door at once, these services open a lot of other doors for people to walk through, and succeed by having far more doors than there are people.
Perhaps the scariest part about botnets is that anyone can be part of one, which has led to them being referred to as “zombie” networks. Fortunately, with a little common sense and adequate security software, most systems can be protected from becoming a zombie. And, as cloud systems continue to evolve, the ability of servers to work around attacks and cyber threats like this becomes more efficient.