What is a botnet?

A botnet is a group of internet-connected devices with computing power that are infected with a particular piece of malware. This common malware links the devices into a network under the control of one bad actor.

What devices are vulnerable?

In the past, computers were at the center of the botnet. With the rise of smart devices (and the poor security often applied to them), they are much more frequently included in botnets. Other devices that can be grouped into botnets include routers, servers, tablets, and phones.

What is the bad guy’s goal?

Botnets basically become zombie networks of devices under a bad guy’s control. They can be used to perform a variety of tasks for the bad guy. Some examples include:

• Harvesting information. Once the bad guy has access to a device, he or she has access to any unencrypted information on it.
• Brute force attacks. Bad guys can leverage the botnet’s computing power to break into accounts by trying one sign in/password combination after another.
• Mining cryptocurrency. Some systems distribute new cryptocurrency into circulation as a sort of reward for solving a difficult math problem. When the problem is solved, a certain amount of cryptocurrency is awarded—or mined. Our devices can get roped into this by bad actors hijacking our computing power to solve these problems and increase their virtual bankroll.
• Sending or relaying messages. This helps disguise the true identity or location of a bad actor. It also can be a means of distributing a phishing message to many targets at nearly the same time.
• Relaying malware payloads. Botnets try to compromise more devices almost as a rule. Botnets can also be used to infect other devices with different malware for the bad guy’s purposes.
• Performing distributed denial of service (DDoS) attacks. DDoS attacks work by having a huge number of devices trying to access a site or network at once. This can crash websites or lock corporations out of their own systems.

7 simple steps anyone can take

1. Keep an eye out for phishing red flags. Phishing messages are a big way malware is distributed.
2. Be careful of any link, whether in an email or text message.
3. Change passwords for internet-connected devices from the default as you are setting up. Make sure they are strong and unique.
4. Use brands with a reputation for creating secure systems and sending out security patches.
5. Keep all internet-connected devices up to date. Retire devices with firmware or operating systems no longer supported by the manufacturer.
6. Disable Universal Plug and Play to maintain control of connectivity within your network.
7. Use a quality antivirus on any device possible.

Want to know more about botnets?

Get more details from UpGuard’s original post.