Why Botnets Remain the Go-To Weapon for Cybercriminals

For almost two decades, botnets have plagued our networks. Named by combining the words robot and network, a botnet is a network of computers that are infected with malicious software and remotely controlled by cybercriminals known as botmasters.

This task force of bots carries out repetitive, nefarious missions issued by their cybercriminal operators. Botnets are extremely hard to detect because they lay dormant until triggered to execute their tasks.

Cybercriminals Embrace Botnets

Cybercriminals cause harm with botnets in many ways, such as using the Waledac botnet to conduct a pump-and-dump stock spam campaign or launching denial-of-service (DoS) attacks. Botnets can also be used to track victims’ Internet activity, stealing their credentials and personal information. For example, the infamous Gameover Zeus botnet was primarily used to steal infected victims’ online banking login credentials and then initiate fraudulent transactions. It resulted in more than $100 million in reported losses.

Botnet operators can steal confidential documents, source code, trade secrets or other intellectual property. Botnets are also widely used against political targets by hacktivist groups who control a massive beehive of distributed denial-of-service (DDoS) bots. They use these bots to take down government websites, and some even implement them in an effort to extort victims into paying a ransom in exchange for terminating the attacks.

The Shift to Thingbots

The resiliency of botnets continues to surprise security analysts and law enforcement. In December 2015, IBM X-Force malware researchers found a new variant of the Ramnit banking Trojan and botnet less than a year after it was taken down. While we have seen spam botnets come back after being taken down, this is the first time we have seen a banking botnet come back to life.

Aside from new and reappearing botnets, another, newer angle to this threat is the thingbot — a botnet composed of infected Internet of Things (IoT) devices. These types of malicious activities, whether they leverage botnets or newer thingbots, can wind up costing businesses millions to remediate because they are primarily responsible for the loss of money and personal information of customers and employees.

Botnet components are widely available on the Dark Web, which makes them an appealing and effective tool for attackers. A new IBM X-Force research report takes a look at botnets in detail and at one particular botnet for sale in an underground marketplace. The report highlights the most commonly used botnet protocols, malicious uses of botnets and the botnet trends observed from IBM Managed Security Services data.

Read the full IBM Research Report: The inside story on botnets

Contributor'photo

Dave McMillen

Senior Threat Researcher, IBM Managed Security Services

Dave brings over 25 years of network security knowledge to IBM. Dave began his career in IBM over 15 years ago where he...