Is your computer doing the work of international criminals?
Imagine finding out your computer was part of a cyber attack against Dyn, which provides the network infrastructure to major companies across the world, including Netflix, PayPal, Visa, Amazon and many others.
In October 2016, a large Distributed Denial of Service (DDoS) attack was carried out by a cybercriminal against a major DNS provider known as Dyn. The attack used a Botnet, which is believed to have included various innocent compromised systems.
How is a machine infected?
The problem starts when a machine, or many machines, become 'infected'. Cyber criminals use malicious software to infect machines, which can include laptops and printers. This malicious software could enter a system through email attachments or links from unknown or spoofed emails, software downloaded from malicious sites, or malicious online adverts.
What is a Botnet?
Essentially, a Botnet is a cluster of infected machines. Botnets may then be used by cyber criminals to carry out malicious activities. Surprisingly, any machine or system you own, such as a company computer or server, can be vulnerable to a Botnet attack. The scary part is that even if a machine is part of a Botnet, it may not display any abnormal behaviour, so you may not be able to detect anything unusual.
Can your machine gain immunity from other Botnet infections if it is already infected with one?
Bad news. If your machine has been compromised, it is not immune from being compromised by a different Botnet at the same time. A system that has been compromised once is more likely to be compromised again. For that reason, your infected devices could end up playing a role in several Botnet attacks without you realising.
What is a Botnet attack?
Botnets are most commonly used in a Distributed Denial of Service (DDoS) attack. This is where users are denied access to network services. One reason is the large number of requests made rapidly by the Botnet. This overloads the system to the point where it can no longer manage the number of users attempting to access it, causing it to crash. If, on the other hand, it does manage to handle the attack, its performance may still deteriorate drastically.
Why do cyber criminals use a Botnet?
A Botnet attack is a distributed cyber-attack, as various systems at different locations are used simultaneously. There are, however, alternatives for criminals to use, such as a simple Denial of Service (DoS) attack. An attacker could simply send this type of attack from a single location or system. This type of attack, however, is easily shut down, as it comes from a single source, so attackers will look for alternative methods.
By distributing the requests, the flood of attacks comes from thousands of sources, so it is essentially impossible to block the source. As Botnets are made up of mostly innocent users who might not even know their system has been compromised, companies may not want to block these sources.
These attacks are malicious. Attackers have also sent "ransom notes" to their intended victims, demanding payment in exchange for not attacking their servers.
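The difference between a single-source flood and a distributed one shows up when the same per-source rate limit is applied to both. The following is an added example, not part of the original article; the capacity, the limit, the addresses and the traffic volumes are all constructed assumptions.

```python
from collections import Counter

CAPACITY = 1000        # assumed: requests per second the service can handle
PER_SOURCE_LIMIT = 50  # assumed: requests per second allowed from one address

# Constructed one-second traffic samples (all addresses are made up).
LEGIT = [f"192.0.2.{i}" for i in range(200)]            # 200 users, 1 request each
DOS = LEGIT + ["198.51.100.7"] * 5000                   # one source, 5000 requests
DDOS = LEGIT + [f"10.{i // 256}.{i % 256}.1"            # 2000 bots, 5 requests each
                for i in range(2000) for _ in range(5)]


def assess(requests):
    """Apply the per-source limit to one second of traffic and report the result."""
    counts = Counter(requests)
    # A source is blocked only when it alone exceeds the per-source limit.
    blocked = {src for src, n in counts.items() if n > PER_SOURCE_LIMIT}
    passed = sum(n for src, n in counts.items() if src not in blocked)
    if passed > CAPACITY:
        # Traffic that survives blocking still exceeds capacity.
        verdict = "distributed flood: no single source to block"
    elif blocked:
        verdict = "single-source flood: blocked at the source"
    else:
        verdict = "normal"
    return {"total": len(requests), "sources": len(counts),
            "blocked_sources": len(blocked), "passed": passed,
            "overloaded": passed > CAPACITY, "verdict": verdict}


if __name__ == "__main__":
    for name, sample in (("normal", LEGIT), ("DoS", DOS), ("DDoS", DDOS)):
        print(name, assess(sample))
```

In the distributed sample every bot stays well under the per-source limit, so nothing is blocked and the service is still overloaded; the useful signal for a defender is the aggregate request rate and the sudden rise in distinct sources, not any one address.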
Protecting Your System from Becoming Part of a Botnet
The initial step in resisting such a problem is to understand how the problem occurs. Fortunately, it's easy to protect your systems, as much of the process simply consists of applying standard online safety. This includes:
Keep your device's operating system and applications updated.
Exercise common sense about where you browse the internet, and check the address bar for 'HTTPS'.
Be aware of the adverts you click on and any files you download.
Ensure you have anti-virus software to keep your system clean of malicious software.
Following these steps should be enough for the vast majority of users. For professional Security Awareness Training for you or your staff, contact us today.
The worrying part about Botnets is that anyone can be part of one without their knowledge. Fortunately, with a standard level of adequate security software, the majority of systems could be protected.
The important thing is for everyone to be aware of standard online safety practices, which may not only prevent a machine from becoming a victim of a Botnet but could also prevent you from falling victim to other cybercrimes.