A botnet is a collection of any type of internet-connected device that an attacker has compromised. Botnets act as a force multiplier for individual attackers, cyber-criminal groups and nation-states looking to disrupt or break into their targets’ systems. Commonly used in distributed denial of service (DDoS) attacks, botnets can also take advantage of their collective computing power to send large volumes of spam, steal credentials at scale, or spy on people and organizations.
Malicious actors build botnets by infecting connected devices with malware and then managing them using a command and control server. Once an attacker has compromised a device on a specific network, all the vulnerable devices on that network are at risk of being infected.
A botnet attack can be devastating. In 2016, the Mirai botnet shut down major swathes of the internet, including Twitter, Netflix, CNN and other major sites, as well as major Russian banks and the entire country of Liberia. The botnet took advantage of unsecured internet of things (IoT) devices such as security cameras, installing malware that then attacked the Dyn servers that route internet traffic.
The industry woke up, and device manufacturers, regulators, telecom companies and internet infrastructure providers worked together to isolate compromised devices, take them down or patch them, and make sure that a botnet like Mirai could never be built again.
Just kidding. None of that happened. Instead, the botnets just keep coming.
Even the Mirai botnet is still up and running. According to a report released by Fortinet in August 2018, Mirai was one of the most active botnets in the second quarter of this year.
Since the release of its source code two years ago, Mirai botnets have even added new features, including the ability to turn infected devices into swarms of malware proxies and cryptominers. They’ve also continued …