What are Botnets and How do They Work?

In October 2016, the Mirai botnet unleashed a massive DDoS (Distributed Denial of Service) attack on the US east coast. The creators, a bunch of university students, initially targeted vulnerable IoT devices to create a powerful botnet. But with the code being posted online, other criminal minds are already at work building and modifying the code for bigger and more dangerous attacks. So, what are botnets and how do they work? Our cybersecurity experts answer.

What are botnets?

A botnet is a network of internet-connected devices or bots. When these bots are infected with malicious codes, they are sometimes referred to as zombies. A botnet usually consists of hundreds of thousands of infected computers and devices that hackers control remotely. A botnet can consist of not just computers, but any device that is connected to the Internet. The Mirai botnet used unsecured IoT devices. The botnet is then used to carry out large scale malicious attacks.

How do botnets work?

Your computer can be directly hacked, or you can be tricked into clicking and downloading malicious code from emails or malicious websites. Once infected, the device delivers the message to the hacker or botnet herder. Your computer or device is now a part of the botnet. The worst part is all this happens without you being aware that your system is infected. The only indication can be a slowing down of your system.

Criminals use botnets to

• Primarily to carry out DDoS attacks.
• Send spam emails to millions of users. You may be surprised to know that your computer may be sending out spam to other users, without you even realising it.
• Monitor your web activity and display banner ads targeted at you.
• Create fake traffic to websites or online advertisements.

How can you protect your devices from botnet attacks?

A bot infection can be extremely hard to detect as it uses little bandwidth on an individual computer. Botnets increasingly use IoT devices as they are highly vulnerable and less secured than computers. However, the following steps can help you keep your devices secured from becoming zombies.

• Use security software that provides a comprehensive cover against as many malware as possible. A good security software should be able to detect and remove installed malware and protect against future infections.
• Regularly update your antivirus software to the latest version. This will ensure that your device is protected against all the latest known threats.
• Update your operating system regularly. Enable automatic updates, so that you don’t miss out on any updates. Botnet herders often exploit known vulnerabilities to gain access to unsecured systems.
• Never download attachments or click on links from unknown email senders. Avoid known malicious websites like the plague. In all cases try not to download or click on links from websites that are not well-known. Read our article on how to browse the internet safely.
• Employ strong passwords for all your devices connected to the Internet. Change all default passwords that come with manufactured devices. Most IoT devices like security cams, or video recorders may come with hardcoded passwords that cannot be changed. They cannot also be updated or patched like PCs or smartphones, making them highly vulnerable.

It takes only a few minutes for devices to become infected. Unfortunately, till IoT manufacturers can plug in vulnerabilities, and create a more robust security environment, remaining vigilant is necessary. It is essential that all your devices are protected all the time with a comprehensive security cover. Speak to our cybersecurity experts for a complete security solution. Contact us or email us at cybersecurity@computingaustralia.group.

Jargon Buster

loT – Internet of Things – a collective term to describe physical objects that connect to the Internet. IoT devices generally mean devices that usually are not expected to have an internet connection, like smart security systems, fitness trackers or smart refrigerators. 
DDos attack – Distributed Denial of Service attacks are a form of cyberattack where a server is overwhelmed by more traffic than it can handle and shuts down.