Page 81 - Cyber Defense eMagazine December 2022 Edition
botnet attacks in 2004 — called Bagle — botnets have taken advantage of Internet Relay Chat (IRC) protocols to instigate infection.
The architecture evolved as botnets advanced to disguise their activity in a few ways. They began to use fake IP addresses and HTTP instead of IRC, because hackers could mask HTTP traffic as typical internet usage. This client-server design was risky for the operator, since every bot relied on connectivity to a central server through which the herder issued orders.
That worry dissipates with peer-to-peer (P2P) botnets, since the bots can communicate with each other to perform tasks instead of depending on a central server. This decentralized nature makes them more challenging to detect and to take down.
Creating a botnet is advantageous for hackers since these networks are profitable in more ways than one. The bot herder — the hacker behind the botnet — can instigate potentially lucrative attacks and rent out the net to other cybercriminals to use for whatever purposes they desire. A botnet can stay in operation for a long time without detection, so others may find value in the network a hacker built.
How Do They Work?
Botnets initiate the same way many attacks do — they find a vulnerability. The goal is to exploit that exposure without the target knowing. They start by creating what some analysts call a zombie army. The first objective of the botnet is to increase the number of infected devices by any method available, such as spam and trojan horses. Then, the herder can issue commands to steal data or install malware.
Popular botnets have thrived for over a decade. One of the most well-known is called Zeus or Zbot. It had over 3.6 million devices in its network in 2009, but eventually it had to rebrand and switch to a decentralized architecture to stay hidden.
Another is Mirai, which exposed the vulnerabilities of IoT-connected devices. Mirai took over sensors and security systems to perform bricking attacks — deleting a device's firmware. Demonstrating how accessible botnet attacks have become, Mirai was created by college students to hack the popular internet game Minecraft — not a Fortune 100 corporation. They saw how much a Minecraft server could make in a month and decided to capitalize on that as a side hustle that unfortunately went awry.
Other botnets seek to do more than just attack unsuspecting devices. Bot herders can also automate them to mine cryptocurrency, as Sysrv does, especially since prices are constantly in flux: as long as the mining continues, it provides herders a steady income despite volatile prices. This is problematic, especially since the anonymous nature of cryptocurrency gives botnets an extra layer of protection from identification.
What Protections Can People Take?
Technology isn't defenseless against botnets despite their durability. This is especially true since almost all causes of botnet attacks — including phishing and brute force hacks — are problems analysts must
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.