Why Botnets Remain the Go-To Weapon for Cybercriminals

For almost two decades, botnets have plagued our networks. Named by combining the words robot and network, a botnet is a network of computers that are infected with malicious software and remotely controlled by cybercriminals known as botmasters.

This task force of bots carries out repetitive, nefarious missions issued by their cybercriminal operators. Botnets are extremely hard to detect because they lay dormant until triggered to execute their tasks.

Cybercriminals Embrace Botnets

Cybercriminals cause harm with botnets in many ways, such as using the Waledac botnet to conduct a pump-and-dump stock spam campaign or launching denial-of-service (DoS) attacks. Botnets can also be used to track victims’ Internet activity, stealing their credentials and personal information. For example, the infamous Gameover Zeus botnet was primarily used to steal infected victims’ online banking login credentials and then initiate fraudulent transactions. It resulted in more than $100 million in reported losses.

Botnet operators can steal confidential documents, source code, trade secrets or other intellectual property. Botnets are also widely used against political targets by hacktivist groups who control a massive beehive of distributed denial-of-service (DDoS) bots. They use these bots to take down government websites, and some even implement them in an effort to extort victims into paying a ransom in exchange for terminating the attacks.

The Shift to Thingbots

The resiliency of botnets continues to surprise security analysts and law enforcement. In December 2015, IBM X-Force malware researchers found a new variant of the Ramnit banking Trojan and botnet less than a year after it was taken down. While we have seen spam botnets come back after being taken down, this is the first time we have seen a banking botnet come back to life.

Aside from new and reappearing botnets, another, newer angle to this threat is the thingbot — a botnet composed of infected Internet of Things (IoT) devices. These types of malicious activities, whether they leverage botnets or newer thingbots, can wind up costing businesses millions to remediate because they are primarily responsible for the loss of money and personal information of customers and employees.

Botnet components are widely available on the Dark Web, which makes them an appealing and effective tool for attackers. A new IBM X-Force research report takes a look at botnets in detail and at one particular botnet for sale in an underground marketplace. The report highlights the most commonly used botnet protocols, malicious uses of botnets and the botnet trends observed from IBM Managed Security Services data.

Read the full IBM Research Report: The inside story on botnets

Share this Article:
Dave McMillen

Senior Threat Researcher, IBM Managed Security Services

Dave brings over 25 years of network security knowledge to IBM. Dave began his career in IBM over 15 years ago where he was part of a core team of six IBMers that created the IBM Emergency Response Service which eventually grew and evolved into Internet Security Systems. As an industry-recognized security expert and thought leader, Dave's background in security is full featured. Dave thrives on identifying threats and developing methods to solve complex problems. His specialties are intrusion detection/prevention, ethical hacking, forensics and analysis of malware and advanced threats. As a member of the IBM MSS Threat Research Team, Dave takes the intelligence he has gathered and turns out immediate tangible remedies that can be implemented within a customer’s network or on IBM MSS's own proprietary detection engines. Dave became interested in security back in the late 1980's and owned and operated a company that provided penetration and vulnerability testing service, one of the first of its kind. As the internet's footprint began to grow, it became clear to him there was a new problem on the horizon; protecting data. Dave worked with WheelGroup (later acquired by Cisco) where he helped develop NetRanger IDS and NetSonar. Dave also assisted with development of the very first IBM intrusion detection system, BillyGoat. Dave also has developed several other security based methods and systems which were patented for IBM.