A bot herder, is an individual who controls and maintains a botnet by installing malicious software in many computers, placing these devices under his/her control. These "herds" of bot machines, also called zombies, can then be used to attack or infect other computers.

What is a Botnet?

Len Calderone for | RoboticsTomorrow

A botnet is a group of computers connected in a synchronized manner for mischievous purposes. Each of the computers in a botnet is called a bot. These bots form a network of compromised computers, which is controlled by a third party and used to transmit malware or spam, or to attack other computers.

Some refer to botnets as a zombie army. Originally, botnets were created for legal purposes in Internet relay chat (IRC) channels. Hackers exploited the vulnerabilities in IRC networks and developed bots to perform malicious activities such as password theft, keystroke logging, and more.

If a computer user did not have a firewall or anti-virus software, they could be attacked. A botnet manipulator can get in command of a computer in a variety of ways, but most often does so via viruses or worms. Botnets are significant because they have become tools that both hackers and organized crime use to perform illegal activities online.

Hackers use botnets to launch coordinated denial-of-service attacks, which are cyber-attacks where the perpetrator seeks to make a computer or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.

Organized crime uses botnets to spam. Originating from the name of Hormel's canned meat, "spam" refers to junk e-mail or irrelevant postings to a newsgroup or bulletin board. The unsolicited e-mail messages you receive about refinancing your home, reversing aging, and losing those extra pounds are all considered to be spam.

Criminals also send a phishing attack that is then used for identify theft. Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising as a trustworthy entity in an electronic communication. Phishing emails may contain links to websites that are infected with malware.

Even more troublesome is the industry that has sprung up around botnets in which “bot herders” build botnets specifically to "rent" to the highest bidder. Whether they send spam, adware, spyware, viruses, or worms, botnets can be used to perpetrate just about any type of digital attack.

 

A bot herder, is an individual who controls and maintains a botnet by installing malicious software in many computers, placing these devices under his/her control. These "herds" of bot machines, also called zombies, can then be used to attack or infect other computers. The herder takes control of the botnet through a command-and-control server, which communicates via protocols such as Internet Relay Chat or peer-to-peer networking. Bot herders can also rent their herds to other cybercriminals.

It is very difficult or even impossible to stop an attack when a hacker is utilizing hundreds or even thousands of devices, when each device has its own unique IP address; and it is practically impossible to stop the attack or distinguish legitimate users from fake ones.

Botnets are not new going back to 2000, when hackers began using botnets by gaining access to unsecured devices (computers then) in order to create DDoS (distributed denial of service) attacks. Now, the Internet of Things (IoT) has made the problem much worse.

The market has been flooded with inexpensive IoT devices, such as webcams, baby monitors, thermostats, and even appliances that are connected to the Internet—each with its own IP address. The problem is that these devices have little or no built-in security, and even when they do, users often do not take the initial step of setting a password for them.

 

The range of DDoS attacks includes those that flood servers with a large amount of traffic to shut them down. Other attacks are known as application denial-of-service attacks. The most frequent DDoS attacks work at a network level, blasting meaningless traffic at target systems, hoping to overpower the system and exhaust all available bandwidth—this is the universal understanding of what a DDoS signifies for most people. Other denial-of-service attacks can consist of locking users out, through multiple failed password reset attempts, or destroying databases and disrupting services in more specific ways.

These attacks are hard to defend against because it is hard to identify the attacker from the legitimate traffic during a DDoS attack. Identifying an attacker with a backdrop of legitimate users to an online service can be tricky. With a dwindling bandwidth it is difficult to stop the attack.

In October of 2016, a botnet comprised of an estimated 100,000 unsecured IoT devices took an integral Internet infrastructure provider, Dyn, partially offline. As a result, many high-profile and high-traffic websites, including Netflix and Twitter, disappeared from the Internet for a short time.

Hackers can use botnets to perpetrate click fraud. Online advertising services pay by the click. They can also evade spam filters, mine bitcoins and even speed the process of guessing passwords.  

 

There are millions of botnet attacks every year. Device owners don’t realize they are part of a botnet. Botnet attacks have traditionally taken the form of large volume DDoS or spam attacks, but have been lessened by web application firewall solutions. However, there is a worrying shift towards attacks that are managing to bypass existing controls.

An attack that breaches customer accounts, or opens many fraudulent new accounts, could be enough to undermine a business’ reputation and long-term revenue. Just a small break in a business’ defenses can put thousands of customers at risk.

High-volume attacks are easier to detect and prevent, so criminals have changed their attacks to look like legitimate customer traffic. They are using low and slow strategies rather than high volume/high-frequency attacks. This allows them to bypass firewall solutions that would usually detect high-volume attacks.

Individuals can protect themselves from having their computer made part of a botnet by not clicking on suspicious links that you’re not sure of; do not download any attachments that you did not request; check to see if your antivirus and antispyware software are activated, patched and up-to-date; make sure that your firewall is on and set to the maximum security level; and keep all your software up to date.

Botnet attacks are one of the biggest threats to digital business, making it harder to detect the good customers from the assault of bad ones. Companies need a better way to authenticate user transactions. Only through combining the power of shared global intelligence with dynamic identity assessment that business can be sure of more complete fraud protection

 

For more information:

  1. https://www.akamai.com/us/en/multimedia/documents/social/q4-state-of-the-internet-security-spotlight-iot-rise-of-300-gbp-ddos-attacks.pdf

  2. http://www.clico.pl/services/practical-defense-in-depth-protection-against-botnets

 

 

The content & opinions in this article are the author’s and do not necessarily represent the views of RoboticsTomorrow

Comments (0)

This post does not have any comments. Be the first to leave a comment below.


Post A Comment

You must be logged in before you can post a comment. Login now.

Featured Product

OnLogic Helix 511 Fanless Intel 12th Gen Edge Computer

OnLogic Helix 511 Fanless Intel 12th Gen Edge Computer

OnLogic's Helix 511 Fanless Edge computer delivers ultra-reliable, fanless computing using Intel® 12th Generation performance hybrid processing. The Helix 511 is a versatile fanless computer capable of powering solutions including advanced automation, light detection and ranging (LiDAR), access control & building automation, or virtually any other IoT or edge gateway functionality needed, with support for 4 simultaneous serial connections. The system is able to reliably operate in temperatures ranging from 0 to 50°C, can accept power input ranging from 12 to 24 Volts, and is Wall, VESA and DIN rail mountable.