Cyber Explainer: Botnets

When hackers remotely control a group of Internet-connected devices, they can disrupt a company, not to mention an entire country.


In this series, “Cyber Explainer,” Interset breaks down the five most damaging types of threats facing enterprises, then details the five most effective cyberattack methods criminals use to carry them out. For this final installment, we look at botnets, a power-in-numbers attack method.

What It Means
Botnet is a combination of the words “robot” and “network.” It refers to a collection of Internet-connected devices (or “bots”) that are infected by malware—often planted by Trojan horses—then remotely controlled. Thieves can use them to steal data or disseminate spam. Large bot networks are frequently the culprits behind DDoS (or Distributed Denial of Service) attacks, overloading systems to slow them down or knock them offline.

Where You’ve Seen It
The Mirai botnet was behind arguably the largest DDoS incident ever, which took place in October 2016, taking down the DNS-service company Dyn. This interrupted Internet access throughout the Eastern seaboard, including servers at Twitter, Amazon (AWS), the New York Times, Netflix, and Reddit. It also impacted 900,000 Deutsche Telekom customers in Germany and 2,400 TalkTalk home routers in the U.K., and reportedly derailed web access across the entire country of Liberia.

How to Stop It
Some of these attacks use command-and-control centers to dispatch actions throughout the botnet. But as they grow more sophisticated, these assaults have become less centralized, and therefore less visible. Some security insiders recommend avoiding Windows systems and file attachments, and limiting employee administrator access. While these protective measures may seem intuitive, they are not realistic. Taking a step back and looking at an enterprise’s overall network is the most proactive solution. Companies can achieve this expansive visibility through a security-analytics product that integrates with existing security investments, further leveraging their intel. Here, security teams can observe the behaviors of everything from users to networks to files to endpoints—both individually, and in how they interact with each other—to spot botnet activity. With unsupervised machine learning, the analytics platform will never max out on data sources or dispatch false-positive alerts.
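As an added example (not Interset's product or any code from this post), here is one network-behavior check of the kind described above: an infected host checking in with its command-and-control server on a fixed timer produces near-constant connection intervals, which stand out against bursty human browsing. The log format, addresses and hostnames below are constructed for the demonstration.

```python
"""Flag periodic outbound connections (botnet C2 'beaconing') in a
constructed connection log. Added example, not Interset's code."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample, one "timestamp src_ip dst_host bytes" record per line.
SAMPLE_LOG = """\
2016-10-21T09:00:00 10.0.0.5 cdn.example.net 5120
2016-10-21T09:00:00 10.0.0.7 c2.example-bad.invalid 240
2016-10-21T09:05:01 10.0.0.7 c2.example-bad.invalid 238
2016-10-21T09:07:30 10.0.0.5 mail.example.net 9000
2016-10-21T09:10:00 10.0.0.7 c2.example-bad.invalid 241
2016-10-21T09:15:02 10.0.0.7 c2.example-bad.invalid 239
2016-10-21T09:20:00 10.0.0.7 c2.example-bad.invalid 240
2016-10-21T09:22:11 10.0.0.5 cdn.example.net 4800
2016-10-21T09:25:01 10.0.0.7 c2.example-bad.invalid 242
2016-10-21T09:41:00 10.0.0.5 cdn.example.net 7000
"""

def parse_connections(log_text):
    """Group the constructed log into {(src_ip, dst_host): [timestamps]}."""
    conns = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _size = line.split()
        conns[(src, dst)].append(datetime.fromisoformat(ts))
    return conns

def find_beacons(conns, min_events=5, max_cv=0.1):
    """Return (pair, mean_gap_s, cv) for pairs whose inter-connection gaps are
    near-constant: cv = stdev/mean is low for a timer, high for a human."""
    hits = []
    for key, times in conns.items():
        if len(times) < min_events:          # too few events to judge rhythm
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0
        if cv <= max_cv:
            hits.append((key, round(avg, 1), round(cv, 3)))
    return hits

if __name__ == "__main__":
    for (src, dst), period, cv in find_beacons(parse_connections(SAMPLE_LOG)):
        print(f"{src} -> {dst}: connects every ~{period}s (cv={cv})")
```

Thresholds like `min_events` and `max_cv` are tuning knobs; legitimate software updaters also poll on timers, so hits are leads for an analyst to triage against asset and destination context, not verdicts.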
