Simply put, botnets are collections of devices that work together to perform a criminal action. They can be composed of any type of Internet-connected computer that a cybercriminal can gain control over.
Traditionally, botnets were composed of compromised devices, including desktop computers, Internet of Things (IoT) devices, and mobile phones. As cloud computing has become more popular and inexpensive, some botnet operators have transitioned their botnet infrastructure over to the cloud.
Botnets can be used for a variety of automated attacks. They can scrape websites for information that is then used to build spear phishing emails, to inform competitive analysis, and for other purposes. Automated attacks that use breached credentials to try to compromise a user’s other accounts (credential stuffing) are also popular.
However, the most famous application of the botnet is the Distributed Denial of Service (DDoS) attack. As botnets become cheaper and easier to build, the threat of DDoS attacks is growing, and organizations must deploy DDoS mitigation solutions to protect the availability of their web presence.
Botnets and DDoS Attacks
Most cyberattacks take advantage of some flaw in an organization’s cyber defenses. This could be an unpatched vulnerability in a web-facing application, a user clicking on a phishing email, or any of several different errors.
DDoS attacks are unusual among cyberattacks because they don’t require the victim to make a mistake. For an organization to be vulnerable to a DDoS attack, the main “mistakes” that it needs to make are the use of modern technology and the failure to deploy a DDoS protection solution.
This is because DDoS attacks take advantage of the fact that any system has a maximum amount of data or traffic that it is capable of receiving and processing at a time. A DDoS attack exceeds this threshold by sending more data to a target than it is capable of processing.
DDoS attackers use botnets in their attacks in order to guarantee that they are capable of overwhelming the target system. The cybercriminal does not need any specialized hardware or high-bandwidth network connectivity because each bot in the botnet can send a small amount of traffic and the accumulated traffic reaching the victim is more than it can handle.
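The following sketch is an added example, not part of the original article. It shows the defensive consequence of the point above: a per-source rate limit catches one noisy client but not a flood in which every bot stays under the limit, so the aggregate rate has to be compared against capacity as well. The addresses, the per-source limit, and the capacity figure are constructed for illustration.

```python
from collections import Counter, defaultdict

PER_SOURCE_LIMIT = 10   # assumed per-client requests/second allowed
CAPACITY = 1000         # assumed requests/second the service can process

def classify_windows(events, per_source_limit=PER_SOURCE_LIMIT, capacity=CAPACITY):
    """events: iterable of (epoch_second, source_ip). Returns {second: summary}."""
    buckets = defaultdict(Counter)
    for second, src in events:
        buckets[second][src] += 1
    results = {}
    for second, counts in sorted(buckets.items()):
        total = sum(counts.values())
        noisy = [s for s, n in counts.items() if n > per_source_limit]
        if total <= capacity:
            verdict = "noisy-source" if noisy else "normal"
        elif noisy and total - sum(counts[s] for s in noisy) <= capacity:
            # Dropping the sources over the limit brings load back under capacity.
            verdict = "single-source-flood"
        else:
            # Over capacity even after per-source limiting: many small senders.
            verdict = "distributed-flood"
        results[second] = {"verdict": verdict, "total": total,
                           "sources": len(counts), "over_limit": noisy}
    return results

def constructed_traffic():
    """Constructed sample log: three one-second windows."""
    baseline = [f"198.51.100.{i}" for i in range(200)]
    events = []
    for second in (0, 1, 2):
        # 200 ordinary clients, 2 requests each (400 req/s)
        events += [(second, ip) for ip in baseline for _ in range(2)]
    # Second 1: one client sends 900 requests on top of the baseline.
    events += [(1, "203.0.113.7")] * 900
    # Second 2: 400 sources send only 3 requests each (1200 req/s in total).
    events += [(2, f"10.{i // 256}.{i % 256}.1") for i in range(400) for _ in range(3)]
    return events

if __name__ == "__main__":
    for second, summary in classify_windows(constructed_traffic()).items():
        print(second, summary["verdict"], summary["total"], summary["sources"])
```

In the third window no source exceeds the per-source limit, yet the total is 1600 requests against a capacity of 1000, which is the situation the paragraph above describes.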
As botnets become more common and larger, the number and size of DDoS attacks will grow as well. By taking advantage of the growth of the IoT, as well as tools like DDoS amplifiers that enable them to increase the impact of their attacks, cybercriminals operating DDoS botnets have in recent years been able to launch larger DDoS attacks than ever before.
Botnet Prices are Falling Rapidly
DDoS attacks are designed to hurt the availability of an organization’s web presence. This provides some opportunities for cybercriminals to monetize their efforts since, as with ransomware attacks, they can demand a ransom from their target in exchange for stopping the attack.
However, this is not the only option for cybercriminals wishing to make money off of their DDoS botnet. Cybercrime has become a service economy, where skilled hackers will sell their services or tools on the Dark Web. This includes access to DDoS attacks and botnet malware.
DDoS-as-a-service offerings allow an individual to rent the services of a DDoS botnet for a set period of time. The cost of doing so has dropped dramatically, with a generic botnet costing about $5 per day to rent.
For those wishing to have a bit more control over their attacks (or not wanting to pay an ongoing fee), cybercriminals also offer botnet builders for sale. This could allow a less skilled cybercriminal to build their own botnet by using the malware to compromise vulnerable machines with a pre-built exploit. Botnet builder software will only set back the wannabe cybercriminal $100 and enables them to operate their own independent botnet to achieve their goals.
Protecting Against the Growing DDoS Threat
Botnets are steadily becoming cheaper to rent, and the price of botnet builders has dropped to $100. This has dramatically lowered the bar to enter the botnet and DDoS markets.
As more individuals become capable of performing DDoS attacks (whether with rented or personally owned botnets), the range of organizations targeted by these attacks will only grow. DDoS attacks are already commonly used by gamers to impact competitors’ gameplay and improve their own standings in the rankings. This trivial use of DDoS attacks demonstrates how affordable the price of a DDoS attack has become.
Because DDoS attacks are affordable, they can easily become a means for a disgruntled employee to get revenge on a company or for someone to express displeasure with an organization. While many organizations believe that they are “too small” for a major cyber threat actor to attack, the reality is that even minor cyberattackers can do a significant amount of damage.
Protecting against DDoS attacks should become a fundamental part of an organization’s cybersecurity strategy. Solutions exist to identify and block attacks from these botnets with little or no impact on legitimate users. Failing to deploy these defenses before an attack begins leaves an organization vulnerable and can cause significant financial losses in terms of lost sales and customers choosing to switch to a “more reliable” competitor.