A botnet is a collection of internet-connected devices that an attacker has compromised.
Botnets act as a force multiplier for individual attackers, cyber-criminal groups and nation-states looking to disrupt or break into their targets’ systems.
Commonly used in distributed denial of service (DDoS) attacks, botnets can also take advantage of their collective computing power to send large volumes of spam, steal credentials at scale, or spy on people and organizations.
Malicious actors build botnets by infecting connected devices with malware and then managing them using a command and control server.
Once an attacker has compromised a device on a specific network, all the vulnerable devices on that network are at risk of being infected.
A botnet attack can be devastating. In 2016, the Mirai botnet shut down a large portion of the internet, including Twitter, Netflix, CNN and other major sites, as well as major Russian banks and the entire country of Liberia.
Mirai took advantage of unsecured internet of things (IoT) devices such as security cameras, installing malware that then attacked the Dyn DNS servers that route internet traffic.
Why we can’t stop botnets
The challenges to shutting botnets down include the widespread availability and ongoing purchases of insecure devices, the near impossibility of simply locking infected machines out of the internet, and difficulty tracking down and prosecuting the botnet creators.
When consumers go into a store to buy a security camera or other connected device, they look at features, they look for recognizable brands, and, most importantly, they look at the price.
Security is rarely a top consideration.
How to prevent botnet attacks
The Council to Secure the Digital Economy, in cooperation with the Information Technology Industry Council, USTelecom and other organizations, recently released a comprehensive guide to defending enterprises against botnets. Here are the top four recommendations.
1. Update
Botnets use unpatched vulnerabilities to spread from machine to machine so that they can cause maximum damage in an enterprise. The first line of defense should be to keep all systems updated.
2. Lock down access
The guide recommends that enterprises deploy multi-factor and risk-based authentication, least privilege, and other best practices for access controls.
3. Don't go it alone
The anti-bot guide recommends several areas in which enterprises can benefit by looking to external partners for help. For example, there are many channels in which enterprises can share threat information, such as CERTs, industry groups, and vendor-sponsored platforms.
4. Deepen your defenses
It's no longer enough to secure the perimeter or endpoint devices. You need multiple defensive systems. Isolating IoT devices on a separate part of the network is one recommended approach.