Botnets – The Major DDoS Threat of 2023


A botnet is a collection of Internet-connected devices, each running one or more bots. DDoS attacks are the most common use of botnets, yet bots themselves are everywhere these days. Bots have become a legitimate tool for web applications and services in almost all major industries, from banking to e-commerce, as consumers demand a more personal approach to their online activities, such as 24/7 availability and an exceptional customer experience.

But there are many cases of bots being leveraged for malicious purposes. In such cases, the “bad bots” mimic human behavior to wreak havoc on the service or copy information, hurting the victim's revenue. Not all bots are alike.

Who is in charge of the botnet?

A botnet is a network of computers infected with malware that is under the control of a single attacking entity, the “bot-herder”. Threat actors command every machine in their botnet to simultaneously launch a coordinated attack, in most cases a DDoS attack. A botnet can consist of millions of bots, allowing an operator to carry out attacks that would be impossible with just one machine.

Botnets are controlled by a remote operator through a method known as Command and Control (C&C), in which each machine receives updates that change its behavior on the fly. With this ability, the bot-herder can rent out the bots to other operators in underground markets and forums. One of the main advantages of a botnet is that it harnesses the computing power of hundreds or thousands of machines. Because the attacks come from so many different devices, the perpetrator's origin is obscured, making the attacks harder to block or trace.

Various reports indicate that 2022 saw a 20% increase in DDoS attacks, and most of these attacks naturally used botnets. In 2020, 25% of internet traffic was attributed to botnets, with 59% attributed to human activity. And in this area of concern, where a quarter of internet traffic is attributed to botnets, there has been a 200% growth in activity attributed to botnets. One well-known botnet is Emotet. Emotet is both a botnet and malware that can extract data, often related to finance, from infected devices. Emotet is operated by experienced threat actors and was shut down in January 2021; the botnet returned in early 2023 and has since gradually increased its activity.

Are legacy botnets “trustworthy” to DDoS attackers?

A good example of an old botnet that is still a major threat is the Mirai botnet, known for enlisting IoT devices to launch DDoS attacks and still affecting IoT devices today. In February 2022, there was an increase in the use of Mirai for an attack that allowed unauthenticated remote code execution. Mirai is malware that was discovered back in 2016, with source code made available to everyone. With new versions popping up all the time, Mirai is still a major threat in the cyberscape. As the number of IoT devices continued to increase naturally in 2022, so did the use of Mirai by DDoS threat actors.

Mirai will likely be the most common botnet in 2023, as manufacturers and users pay less attention to securing IoT devices, resulting in an increase in botnets. Official reports indicate that in 2022, over 70% of mobile devices will be smart devices and that 99% of mobile data originates from these smart devices. These statistics indicate a fertile battlefield for DDoS threat actors, and their leading weapon in 2022 was the Mirai botnet, so Mirai is here to stay. Another great example of a veteran botnet is the Mantis botnet, which hijacked virtual machines and servers hosted by cloud companies instead of relying on low-bandwidth IoT devices.

Mantis was used in a short but record-breaking DDoS attack in June 2022 that peaked at 26 million HTTPS requests per second. Mantis is considered “small but mighty”: the botnet consisted of 5,067 devices, with each node averaging about 5,200 requests per second. In 30 seconds, it generated 212 million HTTPS requests from more than 1,500 networks in 120 countries. The Mantis botnet operates a small fleet of about 5,000 bots but can generate enormous power, and it is becoming more popular as time goes on.
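The contrast drawn above between a small fleet of powerful nodes (Mantis) and many low-bandwidth IoT bots matters for detection, as this added example shows (it is not part of the original article). The function name, thresholds, addresses and traffic are all constructed assumptions: a per-source rate limit flags the few strong nodes, while a flood of weak bots stays under that limit and is only visible in the aggregate rate.

```python
from collections import Counter

def assess_window(source_ips, window_s, per_source_limit_rps,
                  baseline_rps, surge_factor=5.0):
    """Assess one time window, given the source IP of every request in it.

    Thresholds are illustrative assumptions and must be tuned per service.
    """
    per_source = Counter(source_ips)
    total_rps = len(source_ips) / window_s
    # Sources that individually exceed the per-source limit.
    heavy = sorted(ip for ip, n in per_source.items()
                   if n / window_s > per_source_limit_rps)
    heavy_requests = sum(per_source[ip] for ip in heavy)
    # Load that would remain after blocking every heavy source.
    residual_rps = (len(source_ips) - heavy_requests) / window_s
    surge_rps = baseline_rps * surge_factor
    return {
        "total_rps": total_rps,
        "distinct_sources": len(per_source),
        "heavy_sources": heavy,
        "surge": total_rps > surge_rps,
        # True when blocking the heavy sources would not end the surge.
        "distributed": residual_rps > surge_rps,
    }

def build(rates, window_s):
    """Expand {ip: requests_per_second} into one entry per request."""
    return [ip for ip, rps in rates.items() for _ in range(rps * window_s)]

# Constructed sample traffic (not real data), 10-second window.
WINDOW_S = 10
NORMAL = {f"192.0.2.{i}": 1 for i in range(100)}            # 100 users, 1 rps
STRONG = {f"203.0.113.{i}": 520 for i in range(1, 6)}       # 5 nodes, 520 rps
WEAK = {f"10.{i // 256}.{i % 256}.7": 2 for i in range(3000)}  # 3000 bots, 2 rps

FEW_STRONG = build({**NORMAL, **STRONG}, WINDOW_S)
MANY_WEAK = build({**NORMAL, **WEAK}, WINDOW_S)

if __name__ == "__main__":
    for name, traffic in (("few strong", FEW_STRONG), ("many weak", MANY_WEAK)):
        result = assess_window(traffic, WINDOW_S, per_source_limit_rps=50,
                               baseline_rps=100)
        print(name, result)
```
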

What Can You Do Against Botnet DDoS Attacks?

The only way to achieve true DDoS resilience and keep the network safe from botnet DDoS attacks is to continuously uncover blind spots and remediate the most relevant DDoS risks. To do this, a CISO must be well-acquainted with the top DDoS threats. That’s why we’ve just released the complete eBook on the Top 5 Botnets of 2023. Even with the best DDoS mitigation solution in place, any organization suffers exposure of up to 75% of its dynamic DDoS attack surface. Organizations are extremely vulnerable to DDoS attacks, and a criminal using one of the top five botnets to carry out a DDoS attack will likely succeed in the attempt. Get the eBook now to achieve true DDoS resilience.
