Page 81 - Cyber Defense eMagazine December 2022 Edition

botnet attacks in 2004, called Bagle, botnets have taken advantage of Internet Relay Chat (IRC) protocols to coordinate infection and receive commands.

The architecture evolved as botnets advanced to disguise their activity in a few ways. They began to use spoofed IP addresses and HTTP instead of IRC, because hackers could make the command traffic look like typical web browsing. This centralized client-server model was still risky for the herder, since every bot depended on reaching a single command server under the herder's control to receive its orders; take down that server and the botnet goes silent.

That worry dissipates with peer-to-peer (P2P) botnets, since the bots relay commands to each other instead of relying on a single central server. There is no one host to block or seize, and the traffic fans out across many ordinary-looking peers, which makes these networks more challenging to detect and dismantle.
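The HTTP-based command channel described above hides among normal web requests, but a bot that polls its server on a fixed schedule leaves a timing signature that browsing does not. The following added example (not code from the magazine or from any botnet) shows one way a defender can look for that signature in web-proxy logs: it groups requests by client and destination host, measures the gaps between consecutive requests, and flags pairs whose gaps are both frequent and unusually regular. The log format, host names, thresholds and sample lines are all constructed for the example.

```python
"""Flag regularly timed HTTP requests ("beaconing") in web-proxy logs.

Assumed log format (constructed for this example, one request per line):
    <ISO-8601 timestamp> <client-ip> <destination-host> <method> <path>
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: 10.0.0.5 browses irregularly; 10.0.0.7 contacts one
# host roughly every 60 seconds with a little jitter, as a polling bot would.
SAMPLE_LOG = """\
2022-12-01T09:00:00 10.0.0.5 news.example.net GET /
2022-12-01T09:00:00 10.0.0.5 cdn.example.net GET /a.js
2022-12-01T09:00:01 10.0.0.5 cdn.example.net GET /b.css
2022-12-01T09:00:17 10.0.0.5 news.example.net GET /story/1
2022-12-01T09:00:21 10.0.0.5 news.example.net GET /story/2
2022-12-01T09:01:35 10.0.0.5 news.example.net GET /story/3
2022-12-01T09:06:40 10.0.0.5 news.example.net GET /story/4
2022-12-01T09:06:42 10.0.0.5 news.example.net GET /story/5
2022-12-01T09:10:00 10.0.0.5 cdn.example.net GET /c.js
2022-12-01T09:15:01 10.0.0.5 news.example.net GET /story/6
2022-12-01T09:00:00 10.0.0.7 update-check.example.org POST /ping
2022-12-01T09:00:30 10.0.0.7 news.example.net GET /
2022-12-01T09:01:02 10.0.0.7 update-check.example.org POST /ping
2022-12-01T09:01:59 10.0.0.7 update-check.example.org POST /ping
2022-12-01T09:03:01 10.0.0.7 update-check.example.org POST /ping
2022-12-01T09:04:00 10.0.0.7 update-check.example.org POST /ping
2022-12-01T09:04:58 10.0.0.7 update-check.example.org POST /ping
2022-12-01T09:06:02 10.0.0.7 update-check.example.org POST /ping
2022-12-01T09:07:00 10.0.0.7 update-check.example.org POST /ping
"""


@dataclass(frozen=True)
class BeaconCandidate:
    client: str
    host: str
    requests: int
    mean_interval: float  # seconds between consecutive requests
    cv: float  # coefficient of variation of those intervals (lower = more regular)


def parse_line(line: str):
    """Return (timestamp, client, host) for one log line."""
    ts, client, host, _method, _path = line.split(maxsplit=4)
    return datetime.fromisoformat(ts), client, host


def analyze(lines, min_requests: int = 6, max_cv: float = 0.2):
    """Return client/host pairs whose request timing looks like a beacon.

    min_requests: ignore pairs with too few requests to judge regularity.
    max_cv: flag only when stdev(interval) / mean(interval) is at most this;
            human browsing produces values well above 1, a fixed-sleep
            poller with light jitter produces values near 0.
    """
    stamps = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, client, host = parse_line(line)
        stamps[(client, host)].append(ts)

    found = []
    for (client, host), times in stamps.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:  # all requests in the same second: a burst, not a beacon
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            found.append(BeaconCandidate(client, host, len(times), round(avg, 1), round(cv, 3)))
    return sorted(found, key=lambda c: (c.cv, c.client, c.host))


if __name__ == "__main__":
    for cand in analyze(SAMPLE_LOG.splitlines()):
        print(f"{cand.client} -> {cand.host}: {cand.requests} requests, "
              f"every ~{cand.mean_interval}s, cv={cand.cv}")
```

On the constructed log this flags only 10.0.0.7 talking to update-check.example.org (eight requests about 60 seconds apart, cv around 0.04); the browsing session to news.example.net has similar volume but a cv above 1 and is left alone. In practice the thresholds need tuning per environment, because legitimate software (update checks, mail clients, monitoring agents) also polls on a schedule, so a hit is a lead to investigate rather than a verdict.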

Creating a botnet is advantageous for hackers because these networks are profitable in more ways than one. The bot herder, the hacker behind the botnet, can launch potentially lucrative attacks directly and can also rent the network out to other cybercriminals for whatever purposes they desire. A botnet can stay in operation for a long time without detection, so others may find value in the network a hacker built.



How Do They Work?

Botnets begin the same way many attacks do: they find a vulnerability. The goal is to exploit that exposure without the target knowing. They start by building what some analysts call a zombie army. The first objective of the botnet is to increase the number of infected devices by any available method, such as spam and trojan horses. Once enough devices are enrolled, the herder can issue commands to steal data or install further malware.

Popular botnets have thrived for over a decade. One of the most well-known is called Zeus or Zbot. It had over 3.6 million devices in its network in 2009, but eventually it had to rebrand and switch to a decentralized architecture to stay hidden.

Another is Mirai, which exposed the vulnerabilities of IoT-connected devices. Mirai took over sensors and security systems to perform bricking attacks, deleting a device's firmware. Mirai also demonstrates how accessible botnet attacks have become: college students created it to hack the popular internet game Minecraft, not a Fortune 100 corporation. They saw how much a Minecraft server could make in a month and decided to capitalize on that as a side hustle that unfortunately went awry.

Other botnets seek to do more than just attack unsuspecting devices. Bot herders can also automate them to mine cryptocurrency, as Sysrv does, especially since coin prices are constantly in flux. Mining gives herders a steady income despite volatile prices as long as they can keep the bots mining. This is problematic because the anonymous nature of cryptocurrency gives botnets an extra layer of protection from identification.




What Protections Can People Take?

Technology isn't defenseless against botnets despite their durability. This is especially true since almost all causes of botnet attacks, including phishing and brute force hacks, are problems analysts must




Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.