A botnet is a collection of internet-connected devices infected by malware that allow hackers to control them. Cyber criminals use botnets to instigate botnet attacks, which include malicious activities such as credentials leaks, unauthorized access, data theft and DDoS attacks.
Botnet owners can have access to several thousand computers at a time and can command them to carry out malicious activities. Cybercriminals initially gain access to these devices by using special Trojan viruses to attack the computers’ security systems, before implementing command and control software to enable them to carry out malicious activities on a large scale. These activities can be automated to encourage as many simultaneous attacks as possible. Different types of botnet attacks can include:
In other cases, cybercriminals will sell access to the botnet network, sometimes known as a “zombie” network, so that other cybercriminals can make use of the network for their own malicious activities, such as activating a spam campaign.
The number of bots will vary from botnet to botnet and depends on the ability of the botnet owner to infect unprotected devices. For example:
The effects of a botnet attack can be devastating, from slow device performance to vast Internet bills and stolen personal data. There are also legal implications to consider, for example, if your computer is used as part of a botnet attack, you may be legally responsible for the consequences of any malicious activities that have originated from your device.
When the Mirai botnet was discovered in September 2016, Akamai was one of its first targets. Our platform continued to receive and successfully defend against attacks from the Mirai botnet thereafter. Akamai research offers a strong indication that Mirai, like many other botnets, is now contributing to the commoditization of DDoS. While many of the botnet’s C&C nodes were observed conducting “dedicated attacks” against select IPs, even more were noted as participating in what would be considered “pay-for-play” attacks. In these situations, Mirai C&C nodes were observed attacking IPs for a short duration, going inactive, and then re-emerging to attack different targets. Learn more about the Mirai botnet here.
The PBot DDoS malware re-emerged as the foundation for the strongest DDoS attacks seen by Akamai during the second quarter of 2017. In the case of PBot, malicious actors used decades-old PHP code to generate a massive DDoS attack. Attackers were able to create a mini-DDoS botnet capable of launching a 75 gigabits per second (Gbps) DDoS attack. Interestingly, although the PBot botnet was composed of a relatively small 400 nodes, it was able to generate a significant level of attack traffic. Learn more about the PBot malware here.
It is important to understand that a botnet is just a collection of Internet-connected devices under the command and control of a botnet owner. As such, a botnet can be used to launch different types of attacks, each of which may require a different type of protection. Akamai provides several Cloud Security Solutions for detecting and protecting against botnets. These include:
To find out more about which botnet attack protection solution is most appropriate for you and your enterprise, contact Akamai today.