Botnet 101: Everything you need to know about zombie armies, DDoS attacks, and your website


It may have been your assumption that because you successfully graduated from high school, you would no longer have to worry about a bunch of soulless entities being controlled by one evil mastermind selecting you as a target for all kinds of abuse and devastating damage. That is unfortunately incorrect.

The good news is that you’re not going to be finding an insult written in lipstick on your locker any time soon. The bad news is that what a group of computers being controlled by one evil mastermind can do may leave you longing for the days of being cackled at by teenagers. After all, try as they might, teenagers can’t do $40,000 worth of damage in one hour like a DDoS attack can. Here’s a primer on what botnets are, what they’re capable of, and how to protect your website. 

The basics of a botnet

To understand what a botnet can do, you have to understand what a botnet is, and that would be a group of computers that are connected to the internet and have been taken over by malware in order to be used for malicious purposes. These computers – referred to individually as a bot – are controlled by an external source so the computer owner generally isn’t even aware that this has happened. For obvious reasons, botnets are sometimes called zombie armies.

For an idea of how pervasive botnets are, in July of 2014 the director of the FBI’s Cyber Division stated that every second, botnets are gaining 18 infected computers from around the world. He also stated that this amounts to over 500 million infected computers per year.

What a zombie army can achieve

A skilled hacker can do major damage with his or her own computer, so the damage an attacker can do with many computers and many internet connections? In some cases it can be almost unfathomable. 

One of the most common attack methods of a botnet is a DDoS attack. A DDoS attack is a distributed denial of service attack, and where a botnet comes in is in the acronym’s first D – distributed. The attack comes from many computers and many internet connections.

What a DDoS attack does is it denies legitimate users the use of a website or its services. It does so by disrupting an internet-connected host. With a botnet at their disposal, attackers could do this by crashing the web server with seemingly legitimate requests, consuming the resources of a server, load balancer or firewall with incomplete or fragmented packets, or saturating a site’s bandwidth with spoofed packet floods, to name a few methods.

As mentioned above, a DDoS attack has been found to cost an organization about $40,000/hour to deal with. DDoS attacks cause more than just immediate financial damage as well. They’ve been found to cause software and hardware damage, a loss of revenue, loss of consumer trust and financial data or IP theft.

Bots, by the numbers

It’s one thing to understand what a botnet is and what it’s capable of, but that knowledge is all taken to the next level when you understand how common bots really are.

Keep in mind that while virtually every bot involved in a botnet would be considered malicious, not all bots are bad. Many bots come from legitimate sources like search engines and social media, and their job is to crawl and index websites in order to increase those websites’ visibility. So when you read that according to internet security firm Incapsula, bots account for between 52 and 80% of all website traffic, keep in mind that 27% of all website traffic comes from good bots.

Unfortunately, 29% of all website traffic comes from malicious bots. 

Defending against bots and botnets

It isn’t just how common bots are or how powerful botnets can be that make them hard to stop. Bots can also be super advanced, which in turn helps them be super malevolent.

For instance, one of the biggest bot-related threats comes from impersonator bots, specifically Googlebot impersonators. Because Googlebots come from Google and help get websites indexed and ranked in Google results, they’re more than welcome by websites, which of course means there’s no security set up against them. So when a malicious bot can convince a website that it’s a Googlebot? That’s a lot of access given to a bot that probably has very bad intentions. These Googlebot impersonators are the third most commonly used bots in DDoS attacks.

Out of all the stats you’ve read in this article, perhaps this is the one that’s most stunning: 95% of all website attacks come from bots. Obviously then, bots need to be defended against. What makes it difficult is the fact that so many bots are not only good but necessary for the success of a website, so it isn’t possible to just block all bots.

Professional bot mitigation provides bot access control, which distinguishes between good bots, bad bots and suspected bots, and deals with them accordingly. Professional bot mitigation will also provide dedicated security rules for all known vulnerabilities as well as detailed and comprehensive threat analysis. Most people would have jumped at having that kind of protection in high school, so it’s definitely worth considering against an even more potent threat. 


Source link


Leave a Reply

Your email address will not be published.

Share This