Kinaro's blog of things

Botnets

June 13, 2019

Botnets are networks of zombie computing devices that attackers use to commit illicit activities online. The devices range from compromised servers and personal computers to IoT devices exposed to the internet. Attackers exploit vulnerabilities in software (or weak and default credentials) to install malware that connects each device to a Command & Control (C2) server, which issues the commands the infected devices execute.

Once under an attacker's control, the devices can be put to a wide variety of nefarious uses, such as joining cryptocurrency mining pools to make profits for the attacker. They are also used to send spam emails, commit online fraud, or spy on other devices connected to the same network.

Another common abuse is performing distributed denial of service (DDoS) attacks. In October 2016, the Mirai botnet was used to launch DDoS attacks that knocked a number of online services offline for hours. Dyn, a major DNS provider, was one target. DNS resolves human-readable domain names to IP addresses, so when the bots sent more requests than Dyn's servers could handle, the sites that depended on Dyn for name resolution became unreachable even though they were themselves still running.

Tips to keep devices safe

  • Install the latest security updates to plug vulnerabilities before they are exploited. Vendors release these on a regular schedule to fix bugs, and occasionally out of band for flaws that are already being exploited.
  • Logically group network devices according to the function they provide, and put each group on its own VLAN (or other network segment) with only the traffic it needs permitted between segments. Segmentation does not stop a device from being compromised, but it limits how far an infected device can reach: an IoT device on its own VLAN cannot scan or attack the workstations and servers on another, so the blast radius of one infection stays small.
  • Install an antivirus to defend against malware. AV alone is not a complete solution, but combined with an exploit-mitigation tool it provides a solid baseline. Microsoft's Enhanced Mitigation Experience Toolkit (EMET) was the classic option; note that Microsoft retired EMET in July 2018 and its mitigations now ship as Exploit Protection in Windows 10's Windows Defender Exploit Guard, so use that on current systems.
  • Use network firewalls to filter traffic and block potentially malicious connections in both directions: inbound rules keep exposed services off the internet, and outbound (egress) rules stop an infected device from reaching its C2 server. This is up to the network administrator to implement.
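The segmentation and firewall tips above amount to a deny-by-default egress policy for each segment plus a way to spot devices that violate it. The script below is an added example (not code from the original post) that checks constructed flow records from a hypothetical IoT VLAN (10.0.30.0/24) against an allow-list of permitted destinations, and also flags destinations that a device contacts at a steady interval, the check-in cadence a bot typically shows toward its C2 server. The segment, allow-list, addresses and sample flows are all assumptions made up for the example.

```python
"""Check IoT-segment flow records against an egress allow-list and look for C2-style beaconing.

Added example; the segment layout, allow-list and flow records below are
constructed for illustration and are not real data.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Hypothetical layout: IoT devices live on VLAN 30 (10.0.30.0/24). Under a
# deny-by-default policy they may only reach the local resolver, the local
# NTP server and the vendor's update host; any other destination is a violation.
IOT_SEGMENT = ip_network("10.0.30.0/24")
ALLOWED_EGRESS = {
    # (destination, protocol, destination port)
    ("10.0.0.53", "udp", 53),
    ("10.0.0.123", "udp", 123),
    ("203.0.113.10", "tcp", 443),   # vendor update host (documentation address range)
}

# Constructed flow records in a simple "ts src dst proto dport" form.
# 10.0.30.12 checks in with 198.51.100.7:6667 every 60 seconds (beacon-like),
# 10.0.30.44 tries SMB toward the server VLAN, and 10.0.20.8 is not an IoT host.
SAMPLE_FLOWS = """\
1560400000 10.0.30.12 10.0.0.53 udp 53
1560400001 10.0.30.12 203.0.113.10 tcp 443
1560400005 10.0.30.12 198.51.100.7 tcp 6667
1560400065 10.0.30.12 198.51.100.7 tcp 6667
1560400125 10.0.30.12 198.51.100.7 tcp 6667
1560400185 10.0.30.12 198.51.100.7 tcp 6667
1560400010 10.0.30.44 10.0.0.123 udp 123
1560400011 10.0.30.44 10.0.10.5 tcp 445
1560400012 10.0.20.8 198.51.100.9 tcp 443
"""


def parse_flows(text):
    """Parse 'ts src dst proto dport' lines into dicts; blank and '#' lines are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, proto, dport = line.split()
        flows.append({
            "ts": int(ts),
            "src": ip_address(src),
            "dst": ip_address(dst),
            "proto": proto.lower(),
            "dport": int(dport),
        })
    return flows


def policy_violations(flows, segment=IOT_SEGMENT, allowed=ALLOWED_EGRESS):
    """Return flows originating in the segment whose destination is not on the allow-list."""
    return [
        f for f in flows
        if f["src"] in segment
        and (str(f["dst"]), f["proto"], f["dport"]) not in allowed
    ]


def beacon_candidates(flows, min_hits=4, jitter=5):
    """Return {(src, dst, dport): interval_seconds} for pairs contacted at a steady cadence.

    A destination that one host hits at least min_hits times with gaps that
    differ by no more than `jitter` seconds looks like a scheduled check-in.
    """
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(str(f["src"]), str(f["dst"]), f["dport"])].append(f["ts"])
    found = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        if max(gaps) - min(gaps) <= jitter:
            found[pair] = int(median(gaps))
    return found


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for f in policy_violations(flows):
        print(f"DENY   {f['src']} -> {f['dst']}:{f['dport']}/{f['proto']}")
    for (src, dst, port), gap in beacon_candidates(flows).items():
        print(f"BEACON {src} -> {dst}:{port} every ~{gap}s")
```

The allow-list is the same rule set a firewall would enforce at the VLAN boundary; running it over exported flow or firewall logs shows which devices are already trying to leave the segment, and the beacon check singles out the ones doing so on a timer, which is the first thing to pull off the network and examine.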

Felix Kinaro
