The increase of IoT devices and their lack of security is giving rise to several cyber threats, including botnets. Botnets not only target corporate devices but infect home IoT devices like security cameras. One of the largest botnet attacks was the Mirai botnet attack in 2016. Hackers managed to infect 500,000 devices and used them to engage in DDoS attacks which shutdown services like Spotify and Netflix.
Although the attack happened in 2016, Mirai botnet (as well as other botnets) is still active today. A report by Fortinet found that Mirai was one of the most active botnets in the second quarter of 2018.
Source: Spamhaus Botnet Threat Report 2019
What is a Botnet?
A botnet is a network of IoT devices that have been infected with malware and are controlled by hackers. Hacker control networks of infected devices by having them communicate using peer-to-peer networks or through a command and control (C&C) server.
How Do Botnets Work?
Hackers start creating botnets by first infecting as many devices as possible. This is done through spreading malware via malicious email attachments, pop up ads or downloads. Some botnets can self propagate and scan for vulnerable devices to infect automatically.
Once a device is infected, hackers will try to control the devices. They can either use a peer-to-peer connection where infected devices share communication with other infected devices or connect the device to a C&C server. The C&C server is where hackers relay instructions to control the infected devices. Hackers often spread C&C servers throughout the world so they’re more difficult to find and bring down.
Being able to control hundreds of thousands of computers all at once allows hackers to engage in large scale attacks. Examples of malicious activities botnets can carry out include DDoS attacks, send out viruses, steal data and more. Botnets can be hard to detect because they don’t use a large amount of computing power, meaning they can infect devices for years.
How to Protect Against Botnets
Since botnets are hard to detect, preventing your device from being infected is critical. Here are three things you can do to defend against botnets.
1. Employ advanced protection: Integrating advanced security solutions like those from our security solutions package (Secure IT) can help protect against botnet infections. Using a combination of antivirus, endpoint protection, SIEM and firewalls will provide multiple layers of defense and reduce opportunities for hackers to infect your systems.
2. Patch and update regularly: Using legacy systems or failing to update your software and hardware can leave you vulnerable to attacks. It’s important to make sure that your systems, applications and browsers are always updated to the latest version. Patching against these security vulnerabilities can prevent hackers from using known exploits and infecting your devices.
3. Isolate infected machines: Detecting and removing infected machines from your network helps prevent the threat from spreading to other devices. As soon as an infected computer is discovered, it’s important to disconnect the device right away. Once you’ve isolated the infected machine, you need to clean the machine and remove the malware. If a computer is not cleaned up properly after an infection, it can become reinfected.