Tag Archive for: botnets

What Are Botnets? Botnet Attacks Explained


Botnets (derived from “robot networks”) are networks of computers or devices that have been compromised by malware and are under the control of a remote attacker (often called a botmaster or bot herder).

Bad actors can launch malicious attacks like distributed denial-of-service (DDoS), credential theft, service disruption, spam campaigns, or click fraud, or use botnets to gain unauthorized access to critical systems. Many of these could crash or cripple an organization’s IT infrastructure.

How do botnet attacks work?

A botnet attack begins when a malicious actor infects multiple computers with malware and takes control of them; each compromised machine becomes a bot (or zombie device). Together these bots form a network of enslaved computers that the bot herder (or bot master) uses to launch attacks on enterprise networks, such as sending spam, stealing sensitive data, or even crashing websites.

The bot herder uses a command-and-control (C&C) server to communicate with the zombie or bot computers—the infected computers that make up the botnet—and issue commands, allowing the attacker to coordinate the actions of the botnet and direct its resources toward a specific target.

Command-and-control servers in botnet attacks

There are two types of C&C architecture: centralized and decentralized. Botnets use both, but the way commands reach the bots is different.

Centralized: Client-server model

On a centralized C&C server, the bot herder and bots are connected to the same central hub for communication and commands. The bot herder issues commands to the bots, and they respond by sending back information or executing the commands. 

This makes the C&C server a single point of failure, which can be taken down by law enforcement or security researchers.

Decentralized: Peer-to-peer (P2P) model

In this model each infected device communicates directly with other bots. The bot herder can issue commands to the entire botnet, or to specific bots, by injecting them through any single bot, which relays them to its peers.

Because there is no central server, this architecture has no single point of failure, making it much more difficult for defenders to shut down.
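A defender's counterpart to the centralized model above is that bots polling a single C&C server tend to check in on a fixed schedule, which stands out in outbound proxy logs. The following is an added example, not code from the original article or from any product it mentions: it reads a constructed proxy log (the log format, host names and addresses are all assumptions made for the demo), groups connections by client and destination, and flags pairs whose inter-connection gaps are nearly constant. A bot that randomises its check-in interval, or a P2P bot that spreads its traffic across many peers, would not trip this simple check, so treat it as one signal among several rather than a complete detection.

```python
# Added example (not from the original article): flag hosts whose outbound
# connections to one destination recur at near-constant intervals, the
# "check-in" pattern a bot shows when polling a centralized C&C server.
# Log format, field names and sample data below are constructed for the demo.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: "<ISO timestamp> <client_ip> <destination_host>"
# 10.0.0.5 reaches one host every ~5 minutes (periodic); 10.0.0.9 browses a
# wiki at irregular times (human-like); one stray line is malformed.
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.0.5 updates.example-cdn.test
2024-03-01T10:00:07 10.0.0.5 mail.example.test
2024-03-01T10:05:00 10.0.0.5 updates.example-cdn.test
2024-03-01T10:10:00 10.0.0.5 updates.example-cdn.test
2024-03-01T10:15:01 10.0.0.5 updates.example-cdn.test
2024-03-01T10:20:00 10.0.0.5 updates.example-cdn.test
2024-03-01T10:24:59 10.0.0.5 updates.example-cdn.test
2024-03-01T10:01:12 10.0.0.9 wiki.example.test
2024-03-01T10:03:40 10.0.0.9 wiki.example.test
2024-03-01T10:11:05 10.0.0.9 wiki.example.test
this line is not a valid log record
2024-03-01T10:38:27 10.0.0.9 wiki.example.test
2024-03-01T10:41:02 10.0.0.9 wiki.example.test
2024-03-01T10:55:50 10.0.0.9 wiki.example.test
"""


def parse_log(text):
    """Yield (timestamp, client_ip, dest_host); malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2]


def find_beacons(text, min_connections=5, max_cv=0.10):
    """Return [(client_ip, dest_host, mean_interval_s, cv)] for client/destination
    pairs whose connection intervals are regular enough to look like scheduled
    check-ins. cv is the coefficient of variation of the gaps: 0 means perfectly
    periodic, larger values mean more jitter (human browsing is usually >> 0.1)."""
    by_pair = defaultdict(list)
    for ts, src, dst in parse_log(text):
        by_pair[(src, dst)].append(ts)

    hits = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_connections:   # too few samples to judge periodicity
            continue
        stamps.sort()                        # logs may be interleaved across hosts
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:                         # duplicate timestamps only; skip
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits.append((src, dst, avg, cv))
    # most regular (lowest cv) first
    return sorted(hits, key=lambda h: h[3])


if __name__ == "__main__":
    for src, dst, avg, cv in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {src} -> {dst} every ~{avg:.0f}s (cv={cv:.4f})")
```

On the constructed log only the 10.0.0.5 to updates.example-cdn.test pair is reported (about 300 s apart with negligible jitter); the wiki traffic has gaps ranging from under three minutes to almost half an hour and is left alone. In practice you would run this over a longer window, tune `min_connections` and `max_cv` to your environment, and allow-list known periodic legitimate traffic such as update checks and monitoring agents before alerting.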

Stages of building a botnet

There are three stages of building a botnet: prepare…

Source…

Internet Security Solutions: Botnets Part 1



Botnets, Trojans, DDoS From Ukraine and Russia Have Increased Since Invasion


Activity from IP addresses in Ukraine and Russia has shown a substantial spike in malware, helping botnets spread since February 2022.

The data comes from security researchers at Top10VPN, who shared a report about the findings with Infosecurity ahead of publication.

In particular, the Trojan malware showing the most significant increases in activity from Ukrainian and Russian IP addresses since February 2022 included the Citadel, CoreBOT, Wauchos and Nivdort Trojans.

“Some of the biggest sustained increases in malware activity since the war began were in Ukraine [and] have related to trojans, several of which can be used to create botnets,” wrote Simon Migliano, head of research at Top10VPN.

“This suggests that bad actors may have been targeting Ukraine, where cybersecurity has naturally been a lower priority for much of the population, in order to expand their botnets.”

Further, the report suggested an increase in the Avalanche malware families using Russian and Ukrainian IP addresses despite the shutdown of the crime syndicate in 2016. In this regard, Top10VPN observed individual daily surges of as much as 1500% compared to before February.

“Despite the dismantling of major botnets Avalanche and Andromeda/Gamarue several years ago, some of the key malware families that were hosted on the now-defunct networks have been particularly resurgent in Ukraine and Russia in recent months,” Migliano added.

“While this is not to suggest that these networks have somehow been resurrected, it’s concerning to observe increases in the threat posed by this malware localized to countries directly involved in a major conflict.”

The report also noted that distributed denial-of-service (DDoS) attacks originating from Ukraine increased 363% in March compared to the average before February.

“These distributed denial-of-service (DDoS) attacks became relentless once Russia’s military invaded Ukraine on February 24, as the Kremlin sought to weaken its enemy by knocking offline critical networked infrastructure,” Migliano explained.

Further, while the most significant increases in malware activity have come from Ukrainian IP addresses, Top10VPN noted that there have…

Source…

Internet Security Solutions: Botnets Part 2