Focus area | About Botnets

Cybercriminals can take control of your vulnerable devices and use them as a part of a network to launch cyber attacks or conduct other malicious activity without your knowledge.

The term botnet – short for robot network – refers to a network of devices infected with malware controlled by a remote actor over the internet. Often, the owner of the 'bot,' or the compromised device participating in the botnet, does not know that it is infected.

How do bots join the botnet?

A common way for attackers to take control of your device is by sending out phishing emails. These emails look like they come from a trusted organisation, such as your bank, a government agency, or a business you are dealing with. If you click the link in the email, it downloads and installs malware that exploits vulnerabilities to allow the attacker to take control of your device and include it in a botnet.

Botnets start off small and grow over time. The more devices an attacker can control, the more effective the botnet. Botnets are also capable of self-propagating – an infected device (a bot) can launch automated attacks against additional devices. Once infected, they too become part of the botnet.  

Out of date?

Attackers compromise devices by exploiting software vulnerabilities. End-of-life devices and those with software and systems that have not been updated are particularly vulnerable to external attackers. This could include routers, personal computers, smartphones and internet of things (IoT) devices such as smart TVs and security cameras. 

What do botnets do?

Cybercriminals can use botnets to carry out a range of attacks, such as:

  • Launching distributed denial-of-service (DDoS) attacks. Multiple bots flood an organisation’s network with traffic and disrupt its services. 

  • Stealing your private information.  

  • Sending out email spam or phishing emails in bulk. 

  • Cryptojacking through the unauthorised installation of crypto mining software to generate profits for the attacker. This consumes a lot of electricity, and the device owners pay the bill.

Big botnets abound

In October 2024, Cloudflare blocked a distributed denial-of-service (DDoS) attack targeting one of its customers. The attack came from a botnet of around 13,000 devices and was the largest DDoS attack ever recorded.

Traffic from malicious botnets made up 32% of all internet traffic in 2023.

Dealing with botnets 

Botnets can be hard to detect. Protecting against botnets is a shared responsibility – manufacturers, software providers, internet service providers (ISPs) and their customers all have a part to play. 

As an everyday internet user, you can take steps to protect against botnets.

  • Learn to identify phishing emails. Successful phishing attacks are an easy way for online attackers to get into your network. 
    Protect yourself against email scams - Own Your Online
  • Be careful of the websites you visit and only download apps and plugins from websites you trust. If your browser warns you about a site you are about to visit, do not ignore the warning. 
  • Keep your devices and software updated. When manufacturers and developers identify a vulnerability in their product, they release an update, called a patch, to fix this. Attackers are quick to find and exploit unpatched devices. Turning on automatic updates is a good way to prevent this from happening. 
  • Avoid using end-of-life products and change the default or weak passwords on your devices, such as your router, to long, strong, unique ones. 

 

Routers are a common gateway for botnets. It is important to strengthen your router’s defences by regularly updating your firmware and changing the default credentials. You can read more about securing your router in our previous issue.
Focus area: Robust Routers | CERT NZ
