Botnets leading to DDoS Attacks
2022-08-20
Botnets are essentially a set of Internet-based computers under a common controller. These are legitimate networks of computers that have been hacked and are under the control of criminal hackers. The hacker can then use these computers to send out spam or launch DDoS attacks, where the bots of the botnet are commanded to direct large volumes of communication requests to a targeted system.
There are millions of DDoS attacks from internet providers worldwide, including a wide range of regional providers, global transit and cloud companies. The distributed denial of service (DDoS) attack peaked at 26 million requests per second this past June. These massive botnet-induced attacks are targeting service providers. Carriers and cloud providers deployed billions of dollars of dedicated DDoS scrubber appliances and, for a time, gained the upper hand on the attackers.
These attacks are carried out to degrade or disable the performance and network communications of target systems. These targets can be small or large businesses, internet service providers, manufacturers, retailers, healthcare providers, schools and universities, or other nation-states. Essentially, any entity with an online presence can become a DDoS target.
The bots of a botnet can include computers, smartphones, virtualized machines, and/or a wide range of Internet of Things (IoT) devices such as IP cameras, smart TVs, and routers: anything that has internet connectivity and can be compromised. In particular, IoT vulnerabilities and misconfigurations are extremely common in the consumer market, making it very easy for hackers to create an IoT botnet.
The explosive growth in IoT and cloud computing paved the way for the rise of the IoT botnets that amplify DDoS attacks today. Combined with an increasingly lucrative extortion market, it represents a major shift in the DDoS threat landscape. This is a dangerous warning that the possibility of a sophisticated DDoS attack and a prolonged service outage will prevent businesses from growing.
IoT devices include a huge range of commercial and consumer devices such as temperature measurement systems, smart TVs, IP cameras, smart doorbells, security systems, network routers and switches, and even children’s toys.
Despite a huge amount of commentary and warnings about IoT vulnerabilities and well-understood fixes to improve their security, basic defenses such as requiring effective passwords and not allowing default logins and user accounts are still ignored. Another source of IoT vulnerabilities is vendors not providing updates to address security problems and/or device owners failing to apply updates.
To increase website ad revenues (advertising networks such as Google pay per click on the adverts that websites serve), botnets are used to fake user interaction. Because of the distributed nature of the sources of the clicks, it’s hard for the ad networks to identify click fraud.
Secondly, an IoT botnet is the perfect platform for running the algorithms that mine cryptocurrencies such as Bitcoin and Ether on tens of thousands of bots. It thereby steals computing power from the devices’ owners and allows significant revenue without the usual costs of mining, most importantly the cost of electricity.
Botnets are here to stay. Given the exponential growth of poorly secured IoT devices that can be co-opted into an IoT botnet as well as the growing population of vulnerable computers, botnet attacks have become endemic. As a cyber warfare tool, botnet and DDoS attacks have been observed on both sides of the Russian operation against Ukraine.