The seriousness of anti-botnet efforts in 2018

Credit: NextGov

Battling botnets has long been a war fought on multiple fronts. In the early days of DDoS attacks it was up to computer owners to keep their machines from being enlisted in botnets, and up to website owners to protect themselves against DDoS attacks.

Then botnets branched out beyond computers, and DDoS attacks became increasingly damaging to organizations. Professional DDoS mitigation grew into a sizable business, and law enforcement agencies like the FBI got involved in hunting down botnet operators.

Now the botnet problem has become big enough that governments are getting involved in the fight. Most recently the US departments of Homeland Security and Commerce issued a draft report outlining to President Trump and his administration a preliminary plan for increasing resilience against botnets. This is the first step in what is going to be the long and essential process of taking power away from these hives of criminal activity.

This is how we’ve gotten here.

A brief history of botnets

The increasingly unfortunate story of massive cyber attacks and government-level concerns starts with a simple question: what is a botnet? The answer is a large number of Internet-connected devices that have been infected by the same malware and are thereby grouped into a network, one that the malware lets its operator control remotely.

Botnets are most frequently used to launch distributed denial of service (DDoS) attacks, a type of cyber attack that combines the bandwidth and request capacity of all those devices to overwhelm a target website or online service with malicious traffic. To begin with, botnets consisted solely of computers, and it was no small feat to bypass enough security measures and anti-malware programs to infect enough of them to launch the kind of attack that could take a target offline for a significant period.

With the proliferation of tablets, smartphones and the billions of devices in the Internet of Things (IoT), botnet builders and their malware are easily assembling botnets consisting of hundreds of thousands and even a million+ devices. As botnets have grown, so too has the damage they can do.

A growing problem

IoT botnets first gave the world a taste of what they can do in 2016, when the Mirai botnet unleashed a series of record-breaking DDoS attacks on cybersecurity blogger Brian Krebs, French hosting provider OVH, and the managed DNS provider Dyn. The attack on Dyn took major websites and services like the New York Times, Netflix, Reddit and Twitter offline, thereby introducing DDoS attacks to the general public, even those who don’t typically follow matters of cybersecurity.

The assault on Dyn was reported to have peaked at around 1.2 Tbps, an attack size that could topple all but the best-protected websites and services. Considering that Mirai struck in 2016 and IoT botnets have been quietly growing bigger and more powerful ever since, the scale of attack likely on the horizon is hard to imagine.

A growing target list

It used to be that distributed denial of service attacks were largely instruments of revenge or tools for twisted fun, with online gaming sites frequently targeted and businesses taking aim at each other. As botnets have grown, however, so too has their potential for destruction and chaos. Some security researchers expect to see an internet-wide outage caused by a DDoS attack in the near future, which would have devastating effects on financial markets and could interrupt crucial services, potentially throwing industries like health care into disarray.

Further, nations now have to be concerned about their highly sensitive data as well as their critical infrastructure, as nation states are using botnets to engage in cyber warfare. Russia has been linked to DDoS attacks on the websites of US presidential candidates as well as the Brexit voter registration site, China has allegedly taken aim at a campaign for democracy in Hong Kong, and North Korea is reportedly behind a series of DDoS attacks that have targeted the media, aerospace, health and financial industries in the United States over the last eight years.

Perhaps most alarming of all, power grid operators in Ukraine as well as Estonia, Latvia and Lithuania have been hit by DDoS attacks. On its own, a DDoS typically disrupts an operator's Internet-facing services rather than the control systems that keep power flowing, but an attack that overwhelms and shuts down those systems in a cold climate during a bad weather spell could potentially cost lives.

The not-great unknown

It remains to be seen whether this increased attention on botnets will cut into the damage they are already doing and the destruction they are poised to cause. Governments and other organizations fighting the good fight are at a distinct disadvantage, since the criminals behind botnets have been at it for so long. But if enough businesses and organizations take this very serious problem to heart, and governments can coordinate national and international efforts to combat the ever-growing botnet threat, we all might just stand a chance.