What is a Botnet?
A botnet is a group of networked devices that have been infected with malicious software and are controlled as a single group. The word comes from "robot" and "network": a set of compromised machines directed by one human operator. Botnets are typically used for DDoS attacks, stealing data and sending spam, and they give the attacker access to each device without the owner's permission. The operator controls the whole group through command and control (C&C) software.
What are Botnets used for?
Botnet attacks are mostly invisible to users and very difficult to detect, and as attackers and their tooling get smarter every day, detecting an attack is becoming next to impossible. Now that technology has reached every corner of life, security is a main concern, especially where money and personal lives are involved.
Among botnet attacks, DDoS is the common and threatening one, and it has taken down the biggest players. In 2018, Amazon stated that its online cloud, on which many websites rely, was hit by a DDoS attack that peaked at 2.3 Tbps. Secondly, the software development platform GitHub was targeted with the biggest DDoS attack seen at the time: traffic peaked at 1.35 Tbps, and GitHub called for assistance from Akamai Prolexic, which rerouted the traffic and blocked the malicious data.
Before diving into the workflow of a botnet, here are some of the basic terms:
1. Botmaster:
The hacker who plans and runs the botnet attacks.
2. C&C Server (Command & Control):
The one central computer from which all the infected devices are controlled.
3. Bot Code:
The trojan horse or botnet malware that is created to invade a computer without the owner's knowledge.
4. Bot hosts:
Devices that have been infected by the botnet malware.
5. Trojan Horse:
A trojan horse is malicious code that looks legitimate and authorized but can take control of your computer. Most of the damage it does is theft, disruption, or other harmful action against your network. A trojan does not replicate itself from computer to computer.
What are the weak links through which a botnet can compromise a system?
Guessing a password:
New appliances such as smart TVs, Wi-Fi devices, and security cameras ship with the same default password, and one-third of people never change it. Many also use the same password for all their devices, so compromising a system is easy.
Botnets can stay undetected for years:
Take the 2016 Mirai attack, one of the biggest ever, in which the botnet sat quietly for months and years. The culprit was the botnet called Mirai: the attacker launched it in 2014 and the attack took place in 2016, meaning that for two years the botnet spread from machine to machine unnoticed.
How does a botnet work?
1.) Recruiting new hosts into the botnet through different media:
The hacker sends phishing emails that impersonate recognizable companies or recruiters; these emails carry attachments or malicious links that redirect you to spam websites. When users open the emails and click the links, the botnet malware is installed on their computer automatically.
Infected websites hide their trojans in images, links, buttons, videos, and other media such as slideshows, files, and ads. Whenever users click or download these items on a corrupt website, the trojan infects their device without their knowledge.
Weak link target:
The botmaster looks for a weak link or vulnerability through which to inject a trojan into a device. Once the device is infected, it looks for other connected devices to inject the trojan into and bring into the botnet. In this way the network grows bigger and stronger.
2.) Establishing the link between host and bot:
Bots usually take one of two forms to take control. To initiate connections within the botnet, the botmaster builds the paths using one of the techniques below:
Client-Server Model:
Each infected machine connects to one main server to receive its instructions. All the hosts infected by the botnet are controlled by the botmaster from that single central server; in some cases Internet Relay Chat (IRC) is used for the communication. The disadvantage of this model is that every bot must know the internet address of the central server controlling it, which means law enforcement can easily trace the location of the botmaster.
Peer-to-Peer Network:
This mitigates the client-server limitation: the connected bots do not receive their commands from a C&C server; instead they pass commands among themselves and communicate with other bots directly. P2P botnets have a more complicated structure than IRC or HTTP botnets because they do not rely on one central server; each bot works independently as both client and server.
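The client-server weakness described above (every bot must contact the same central server) is also what a defender can look for in outbound connection logs. The following is an added example, not code from the original article: it parses a constructed sample of connection records (the IP addresses, port and timestamps are made up) and flags any destination that several internal hosts contact at a nearly constant interval, the "beaconing" pattern of a centralized C&C server.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed, not real, outbound-connection records: "src dst dst_port unix_time".
# Three hosts check in with one IRC-port endpoint every 300 s; 10.0.0.5 also makes
# ordinary, irregular HTTPS connections that must not be flagged.
LOG_LINES = """\
10.0.0.5 203.0.113.7 6667 1000
10.0.0.6 203.0.113.7 6667 1002
10.0.0.7 203.0.113.7 6667 1005
10.0.0.5 198.51.100.20 443 1010
10.0.0.5 198.51.100.20 443 1137
10.0.0.5 203.0.113.7 6667 1300
10.0.0.6 203.0.113.7 6667 1302
10.0.0.7 203.0.113.7 6667 1305
10.0.0.5 203.0.113.7 6667 1600
10.0.0.6 203.0.113.7 6667 1602
10.0.0.7 203.0.113.7 6667 1605
"""

def parse_log(text):
    """Turn the whitespace-separated records into (src, dst, port, ts) tuples."""
    events = []
    for line in text.splitlines():
        src, dst, port, ts = line.split()
        events.append((src, dst, int(port), int(ts)))
    return events

def find_central_cc(events, min_hosts=3, max_jitter=0.1):
    """Flag (dst, port) endpoints that at least min_hosts internal hosts contact,
    each at a nearly constant interval (beaconing to a central C&C server)."""
    by_dst = defaultdict(lambda: defaultdict(list))
    for src, dst, port, ts in events:
        by_dst[(dst, port)][src].append(ts)
    suspects = {}
    for endpoint, hosts in by_dst.items():
        if len(hosts) < min_hosts:
            continue
        all_gaps = []
        for times in hosts.values():
            times.sort()
            gaps = [b - a for a, b in zip(times, times[1:])]
            # Periodic means >= 2 intervals with small spread; one irregular host clears it.
            if len(gaps) < 2 or pstdev(gaps) > max_jitter * mean(gaps):
                break
            all_gaps.extend(gaps)
        else:
            suspects[endpoint] = {"hosts": sorted(hosts), "period": round(mean(all_gaps))}
    return suspects
```

In a real deployment the same logic runs over firewall or NetFlow exports, and the thresholds are tuned so that legitimate periodic traffic (update checks, monitoring agents) is allow-listed rather than flagged.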
3.) Using the botnet for a cyberattack:
Once the hacker has recruited a large number of infected devices, they execute the different types of attack described below.
DDoS (Distributed Denial-of-Service) Attack:
A DoS attack is an online attack that delivers malicious files to corrupt or infect devices, interrupting their normal functioning.
A DDoS attack disrupts the normal traffic of the targeted server or network using a group of malicious bots. In simple terms, it is like unexpected traffic on a highway clogging up the roads.
Botnet attacks are executed over the Internet by hackers and criminals, and these attacks are getting bigger and more destructive. The damage caused by botnets runs into billions of dollars; take the attacks of 2018, 2017 and 2016, which stole many identities and a great deal of money.
Spyware:
Spyware is malware, or malicious software, installed on a computing device without the user's knowledge; it invades the device, steals information, and shifts the blame onto other external firms. A botnet sends the user's passwords, credit card numbers, and other personal data to its creator.
Spyware can be very damaging in terms of stolen information. Take the attack on Israeli security agencies by the Hamas terrorist group, in which spyware was installed on Israeli soldiers' devices. Its malicious activities included recording the user's phone calls, taking a picture every time the user received a call, stealing the user's contacts, SMS, images, and videos, and capturing the GPS location. All of this sensitive information was stolen by just one piece of malware, the spyware.
Cryptocurrency mining botnet malware:
Many media outlets report on cryptocurrency mining botnets, which operate the same way as any other botnet. They earn their creators millions by secretly infecting devices across the globe. In 2019, half of the hijacked computing devices were attributed to the botnet named "Smominru"; the botnet, organized around May 2017, had obtained 9,000 tokens worth $3.6 million in 2018.