What are Bots,Botnets,Zombies?Bot-enabled Blackmailing and HackingBots
Kaspersky


About the Newsletter: This newsletter focuses on various aspects of emerging technologies across all industry sectors and walks of life. This week the newsletter covers, in brief, what bots, botnets and zombies are, what bot-enabled blackmailing is, and what hacking bots are. The intent of this research is to distill what can be learned from such technologies, and what can be incorporated into real-life situations and built upon with experience.

Introduction: Botnets, networks of compromised or hijacked computers, have been around for more than two decades. Over the last years, however, accelerated by the expansion of the internet and the massive increase of internet-connected services, and as cybercrime has become increasingly organized, botnets have turned into a major and multifaceted underground industry generating huge profits for cyber criminals. They are used for malicious activities, such as massive information theft, spam campaigns and the execution of distributed denial of service (DDoS) attacks, rendering the targeted services unavailable. Furthermore, botnets have been involved in many of the most large-scale cyber-attacks the world has witnessed to date, such as the DDoS attacks against Estonia in 2007 and Georgia in 2008,[7] as well as being employed by hacktivists to convey their messages.

On a daily basis, information security specialists use various techniques to detect and mitigate botnets; however, there seems to be a great deal of uncertainty as to which requirements and restrictions arising from the law should be considered with respect to each technique. To that end, this report discusses some of the most common botnet-fighting methods from a legal perspective, in order to address the potential legal concerns and risks related to each of them.

After a brief introduction to botnets, the report gives an overview of the development of the European Union criminal legislation relevant to the fight against botnets. Then, anti-botnet techniques and methods are analyzed in the context of the legislation of two European Union Member States, Germany and Estonia. With Germany representing a big European Union founding nation known for its strong protection of basic rights, privacy in particular, on the one side, and the small country of Estonia being a fairly recent member of the EU, known for its IT innovativeness and flexibility, on the other, two quite different countries have been selected for this study.

Even though the analysis relies primarily on Estonian and German law, it should be kept in mind that Estonian as well as German information society legislation is largely based on that of the European Union, and that cyber offences in the respective Penal Codes were developed taking into account the requirements set forth in the Council of Europe Cybercrime Convention.[8] Therefore, many of the problems which are addressed and their proposed solutions can be quite universal, especially in the context of the European Union.

This report tries to point out most of the potential points of concern related to the technical measures used to counter botnets, as well as the responsibilities of various affected stakeholders arising from different areas of the law. The complexity of countering botnets is to a great extent caused by the very fact that many areas of law become relevant and have to be viewed and analyzed holistically. Although not covered in this report, a number of examples of botnet takedowns and takeovers already exist in different jurisdictions, and the experience gained from these case studies, specific to each individual botnet, should also be taken into account when planning a botnet takedown or takeover. The practical knowledge from past cases combined with the academic approach of this report, as well as appropriate and timely legal advice, should help to ensure the lawfulness of anti-botnet operations.

The prospective audience for this report is not limited to representatives of the legal profession who are requested to advise on certain anti-botnet measures, but is also expected to include information technology specialists involved in, or considering, infiltrating, taking down or taking over a botnet. Keeping in mind the interdisciplinary readership of this study, it is written so that no specialist knowledge of either discipline is required in order to follow the logic of the discussions.

[7] See, e.g., Tikk, E., Kaska, K., Vihul, L. International Cyber Incidents: Legal Considerations. CCD COE Publishing, Tallinn, 2010.

What are Bots, Botnets and Zombies?

You have probably heard terms such as “bots,” “zombies,” and “botnets” in recent news stories about data breaches and other cyber security risks. But what exactly are they, how do they work, and what damage can they cause?

A bot, short for "robot", is a type of software application or script that performs automated tasks on command. Bad bots perform malicious tasks that allow an attacker to remotely take control over an affected computer. Once infected, these machines may also be referred to as zombies. A collection of these infected computers is known as a “botnet.”

Hundreds of millions of computers worldwide are infected with bots and under the control of hackers (i.e., part of a botnet). The owners of these computers typically do not experience any signs that the machine is infected and continue to use it, unaware they are being controlled remotely by a cyber criminal. In fact, the infected machine could be sending multiple spam emails, including to all contacts in the computer, making it appear to the recipient that the email is legitimate and from someone they know.

A botnet that has recently been in the news is the Gameover Zeus botnet, which allows the cyber criminals to retrieve banking passwords from the infected machines, or use the botnet to infect more computers. This botnet was responsible for nearly one million infections worldwide since its first attack in September 2011.[i] In June 2014, U.S. and international law enforcement seized control of the botnet, and are working with Internet service providers (ISPs) to notify impacted victims.

News about internet crimes often mentions "bots", "zombies", and "botnets". It's not hard to figure out from the context that these are computer or network security threats. But what exactly are they, how do they work, and what kind of damage can they cause?


Although taking over one computer is useful, the real value to a criminal comes from collecting huge numbers of zombie computers and networking them so they can all be controlled at once to perform large-scale malicious acts. This type of network is known as a "botnet".

How Do Botnets Work?

Botnets have been one of the most common methods of malware deployment for the past decade, infecting hundreds of millions of computers. As botnets infect new technologies, such as Internet of Things (IoT) devices in homes, public spaces, and secure areas, compromised systems can put even more unsuspecting users at risk.

They perform large operations while remaining small

Most people would be shocked to learn that the spam they're receiving is coming from thousands or even millions of computers just like their own. The real owners of those computers can still use them, and are probably totally unaware that anything is wrong, except perhaps that their computer sometimes seems slow. Most botnets have an extremely small footprint, meaning they don't bog your system down or use a lot of system resources, so it can be difficult to recognize when your machine is being used by a criminal for malicious purposes. They also typically have the ability to mask themselves, so they can perform large-scale attacks without getting noticed.

They compromise open-source and unsecured devices

Mirai, a botnet discovered in 2016, primarily attacked IoT devices, including cameras and internet routers. Essentially, devices infected with Mirai malware became bots that would scan the internet to locate IoT devices. Mirai would then use common default usernames and passwords set by device manufacturers to try to infiltrate and infect those devices. For the most part, infected devices would function normally, even as they were used in major distributed denial of service (DDoS) attacks.

It only takes minutes for an unprotected, internet-connected computer or other device to be infected with malicious software and turned into a bot, underscoring the critical need for every computer and smartphone user to have up-to-date internet security software on all their devices and to always change factory default usernames and passwords.

Why do Cybercriminals use Botnet Attacks?

To steal financial and personal information

Hackers may use botnets to send spam, phishing, or other scams to trick consumers into giving up their hard-earned money. They may also collect information from the bot-infected machines and use it to steal identities and run up loan and purchase charges under the user's name.

To attack legitimate web services

Criminals may use their botnets to create DoS and DDoS attacks that flood a legitimate service or network with a crushing volume of traffic. The volume may severely slow down the company’s service or network’s ability to respond, or it may entirely overwhelm the company’s service or network and shut them down.

To extort money from victims

Revenue from DoS attacks comes through extortion (pay or have your site taken down) or through payments by groups interested in inflicting damage to a company or network. These groups include "hacktivists" — hackers with political agendas as well as foreign military and intelligence organizations.

To make money from zombie and botnet systems

Cybercriminals may also lease their botnets to other criminals who want to send spam, scams and phishing, steal identities, and attack legitimate websites and networks.

How Do Hackers Control a Botnet?

Issuing commands is a vital part of controlling a botnet. However, anonymity is just as important to the attacker. As such, botnets are operated through remote command infrastructure that keeps the operator at a distance from the infected machines.

Command-and-control (C&C) is the server source of all botnet instruction and leadership. This is the bot herder's main server, and each of the zombie computers gets commands from it. Each botnet can be led by commands either directly or indirectly in the following models:

  • Centralized client-server models
  • Decentralized peer-to-peer (P2P) models

Centralized models are driven by one bot herder server. A variation on this model may insert additional servers tasked as sub-herders, or “proxies.” However, all commands trickle down from the bot herder in both centralized and proxy-based hierarchies. Either structure leaves the bot herder open to being discovered, which makes these dated methods less than ideal.

Decentralized models embed the instruction responsibilities across all the zombie computers. As long as the bot herder can contact any one of the zombie computers, they can spread the commands to the others. The peer-to-peer structure further obscures the identity of the bot herder party. With clear advantages over older centralized models, P2P is more common today.
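The centralized model has a detection corollary that defenders use every day: a bot that takes orders from one herder server has to poll it, and it usually does so on a timer, which is far more regular than human browsing. The Go program below is an added example written for this article (it is not code from the original page or from any of the vendors quoted here). It reads a constructed firewall-style connection log, groups connections by source and destination, and flags pairs whose inter-connection gaps are both numerous and nearly constant. The log format, the IP addresses (documentation ranges) and the thresholds are assumptions chosen for the demonstration.

```go
package main

import (
	"fmt"
	"math"
	"sort"
	"strings"
	"time"
)

// Conn is one outbound connection parsed from a firewall or proxy log.
type Conn struct {
	When time.Time
	Src  string
	Dst  string // destination host:port
}

// sampleLog is a constructed excerpt (not real traffic) in the assumed form
// "<RFC3339 timestamp> <source IP> <destination host:port>". 10.0.0.5 polls
// 203.0.113.7 exactly every five minutes; 10.0.0.8 browses irregularly.
const sampleLog = `
2024-05-01T10:00:00Z 10.0.0.5 203.0.113.7:443
2024-05-01T10:00:03Z 10.0.0.8 198.51.100.20:443
2024-05-01T10:00:09Z 10.0.0.8 198.51.100.20:443
2024-05-01T10:02:40Z 10.0.0.8 198.51.100.20:443
2024-05-01T10:05:00Z 10.0.0.5 203.0.113.7:443
2024-05-01T10:06:10Z 10.0.0.5 192.0.2.10:80
2024-05-01T10:10:00Z 10.0.0.5 203.0.113.7:443
2024-05-01T10:11:02Z 10.0.0.8 198.51.100.20:443
2024-05-01T10:11:05Z 10.0.0.8 198.51.100.20:443
this line is malformed and is skipped
2024-05-01T10:15:00Z 10.0.0.5 203.0.113.7:443
2024-05-01T10:16:30Z 10.0.0.5 192.0.2.10:80
2024-05-01T10:20:00Z 10.0.0.5 203.0.113.7:443
`

// ParseLog turns log lines into Conn records; malformed lines are skipped.
func ParseLog(log string) []Conn {
	var out []Conn
	for _, line := range strings.Split(strings.TrimSpace(log), "\n") {
		f := strings.Fields(line)
		if len(f) != 3 {
			continue
		}
		t, err := time.Parse(time.RFC3339, f[0])
		if err != nil {
			continue
		}
		out = append(out, Conn{When: t, Src: f[1], Dst: f[2]})
	}
	return out
}

// Beacon describes a src->dst pair whose connection timing looks machine-driven.
type Beacon struct {
	Src, Dst string
	Count    int
	MeanSec  float64 // average gap between consecutive connections
	CV       float64 // coefficient of variation of the gaps (0 = perfectly periodic)
}

// FindBeacons flags pairs with at least minConns connections whose gaps vary
// by less than maxCV. A low CV means a fixed timer, which is how a bot polls
// a centralized herder; interactive traffic is much burstier.
func FindBeacons(conns []Conn, minConns int, maxCV float64) []Beacon {
	byPair := map[[2]string][]time.Time{}
	for _, c := range conns {
		k := [2]string{c.Src, c.Dst}
		byPair[k] = append(byPair[k], c.When)
	}
	var found []Beacon
	for k, times := range byPair {
		if len(times) < minConns {
			continue
		}
		sort.Slice(times, func(i, j int) bool { return times[i].Before(times[j]) })
		gaps := make([]float64, 0, len(times)-1)
		for i := 1; i < len(times); i++ {
			gaps = append(gaps, times[i].Sub(times[i-1]).Seconds())
		}
		mean, sd := meanStd(gaps)
		if mean == 0 {
			continue
		}
		if cv := sd / mean; cv <= maxCV {
			found = append(found, Beacon{Src: k[0], Dst: k[1], Count: len(times), MeanSec: mean, CV: cv})
		}
	}
	sort.Slice(found, func(i, j int) bool { return found[i].CV < found[j].CV })
	return found
}

// meanStd returns the mean and population standard deviation of xs.
func meanStd(xs []float64) (float64, float64) {
	var sum float64
	for _, x := range xs {
		sum += x
	}
	mean := sum / float64(len(xs))
	var ss float64
	for _, x := range xs {
		ss += (x - mean) * (x - mean)
	}
	return mean, math.Sqrt(ss / float64(len(xs)))
}

func main() {
	for _, b := range FindBeacons(ParseLog(sampleLog), 4, 0.15) {
		fmt.Printf("%s -> %s: %d connections, every %.0fs (cv=%.2f)\n", b.Src, b.Dst, b.Count, b.MeanSec, b.CV)
	}
}
```

On the sample data only the 10.0.0.5 to 203.0.113.7 pair is reported. In practice this is a triage signal rather than a verdict: software updaters, NTP and monitoring agents are also periodic and need allow-listing, and bot authors add jitter to their timers, so the CV threshold has to be tuned against the environment's own baseline.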

What Are Botnets Used For?

Botnet creators always have something to gain, whether for money or personal satisfaction.

  • Financial theft — by extorting or directly stealing money
  • Information theft — for access to sensitive or confidential accounts
  • Sabotage of services — by taking services and websites offline, etc.
  • Cryptocurrency scams — using users’ processing power to mine for cryptocurrency
  • Selling access to other criminals — to permit further scams on unsuspecting users

Most of the motives for building a botnet are similar to those of other cybercrimes. In many cases, these attackers either want to steal something valuable or cause trouble for others.

In some cases, cybercriminals will establish and sell access to a large network of zombie machines. The buyers are usually other cybercriminals that pay either on a rental basis or as an outright sale. For example, spammers may rent or buy a network to operate a large-scale spam campaign.

Despite the many potential benefits for a hacker, some people create botnets just because they can. Regardless of motive, botnets end up being used for all types of attacks both on the botnet-controlled users and other people.

Below are some of my personal favourite videos taken from YouTube for training purposes, which anyone can have a glance at depending upon their requirements.

Some Links for Online Learning:

Examples of botnet attacks

Zeus

The Zeus malware, first detected in 2007, is one of the best-known and most widely used malware types in the history of information security. Zeus uses a Trojan horse program to infect vulnerable devices. Variants of this malware have been used for various purposes over the years, including to spread CryptoLocker ransomware.

Initially, Zeus, or Zbot, was used to harvest banking credentials and financial information from users of infected devices. Once the data was collected, attackers used the bots to send out spam and phishing emails that spread the Zeus Trojan to more prospective victims.

In 2009, cybersecurity vendor Damballa estimated Zeus had infected 3.6 million hosts. The following year, the Federal Bureau of Investigation (FBI) identified a group of Eastern European cybercriminals who were suspected to be behind the Zeus malware campaign.

GameOver Zeus

Approximately a year after the original Zeus botnet was disrupted, a new version of the Zeus malware, known as GameOver Zeus, emerged.

Instead of relying on traditional, centralized C&C servers to control bots, GameOver Zeus used a P2P network approach, which initially made the botnet harder for law enforcement and security vendors to pinpoint and disrupt.

Infected bots used a domain generation algorithm (DGA) to communicate. The GameOver Zeus botnet would generate domain names to serve as communication points for infected bots. An infected device randomly selected domains until it reached an active domain that was able to issue new commands. Security firm Bitdefender found it could issue as many as 10,000 new domains each day.
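The rendezvous behaviour described above leaves a footprint in resolver logs: before a bot finds the one generated domain that is live, it asks for many that nobody registered, so a single client produces a burst of NXDOMAIN answers for names that look random. The Go program below is an added example (not from the original page or from Bitdefender or any other vendor quoted here) that scores the second-level label of each queried name for randomness and counts, per client, how many such names failed to resolve, while keeping any that did resolve as candidate rendezvous points worth blocking. The log format, the client addresses, the sample names and the thresholds are all constructed for the demonstration.

```go
package main

import (
	"fmt"
	"math"
	"sort"
	"strings"
)

// sampleDNSLog is a constructed resolver log excerpt (not real data) in the
// assumed form "<client IP> <queried name> <response code>". 10.0.0.5 makes
// ordinary lookups plus one typo; 10.0.0.9 walks through generated names.
const sampleDNSLog = `
10.0.0.5 www.example.com NOERROR
10.0.0.5 cdn.example.net NOERROR
10.0.0.5 mail.example.org NOERROR
10.0.0.5 typo-exampel.com NXDOMAIN
10.0.0.9 www.example.com NOERROR
10.0.0.9 xk3vq9tz8mwl.net NXDOMAIN
10.0.0.9 q7hd2zpf1yux.com NXDOMAIN
10.0.0.9 b5wn8rkq3tzj.org NXDOMAIN
10.0.0.9 zp1mx7vqk4hd.biz NXDOMAIN
10.0.0.9 tr9lwq2xmf6b.info NXDOMAIN
10.0.0.9 h4nkv8zxqt3w.net NOERROR
`

// shannonEntropy returns the entropy of s in bits per character.
func shannonEntropy(s string) float64 {
	counts := map[rune]int{}
	for _, r := range s {
		counts[r]++
	}
	n := float64(len([]rune(s)))
	var h float64
	for _, c := range counts {
		p := float64(c) / n
		h -= p * math.Log2(p)
	}
	return h
}

// secondLevelLabel returns the label just below the top-level domain
// ("example" for "www.example.com"); a simplification that ignores
// multi-part public suffixes such as co.uk.
func secondLevelLabel(name string) string {
	parts := strings.Split(strings.TrimSuffix(name, "."), ".")
	if len(parts) < 2 {
		return name
	}
	return parts[len(parts)-2]
}

// LooksGenerated applies three cheap features typical of algorithmically
// generated labels: length, high character entropy and almost no vowels.
// The thresholds are assumptions for the demo, not tuned production values.
func LooksGenerated(name string) bool {
	label := strings.ToLower(secondLevelLabel(name))
	if len(label) < 8 {
		return false
	}
	vowels := 0
	for _, r := range label {
		if strings.ContainsRune("aeiou", r) {
			vowels++
		}
	}
	vowelRatio := float64(vowels) / float64(len(label))
	return shannonEntropy(label) >= 3.0 && vowelRatio <= 0.2
}

// Suspect summarises one client's generated-looking lookups.
type Suspect struct {
	Client      string
	FailedGen   int      // NXDOMAIN answers for generated-looking names
	ResolvedGen []string // generated-looking names that did resolve (candidate rendezvous)
}

// SuspectClients returns clients with at least minFailed failed lookups of
// generated-looking names, most active first. Each name counts once per client.
func SuspectClients(log string, minFailed int) []Suspect {
	byClient := map[string]*Suspect{}
	seen := map[string]bool{}
	for _, line := range strings.Split(strings.TrimSpace(log), "\n") {
		f := strings.Fields(line)
		if len(f) != 3 || !LooksGenerated(f[1]) {
			continue
		}
		client, name, rcode := f[0], f[1], f[2]
		if key := client + " " + name; seen[key] {
			continue
		} else {
			seen[key] = true
		}
		s := byClient[client]
		if s == nil {
			s = &Suspect{Client: client}
			byClient[client] = s
		}
		switch rcode {
		case "NXDOMAIN":
			s.FailedGen++
		case "NOERROR":
			s.ResolvedGen = append(s.ResolvedGen, name)
		}
	}
	var out []Suspect
	for _, s := range byClient {
		if s.FailedGen >= minFailed {
			out = append(out, *s)
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].FailedGen > out[j].FailedGen })
	return out
}

func main() {
	for _, s := range SuspectClients(sampleDNSLog, 3) {
		fmt.Printf("%s: %d failed generated-looking lookups; resolved: %v\n", s.Client, s.FailedGen, s.ResolvedGen)
	}
}
```

The entropy and vowel features alone will misfire on hash-named CDN and cloud hostnames, which is why the example keys on the NXDOMAIN count per client rather than on any single name; a resolved name only becomes interesting once the same client has already burned through several failures.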

In 2014, international law enforcement agencies took part in Operation Tovar to temporarily disrupt GameOver Zeus by identifying the domains used by the cybercriminals and then redirecting bot traffic to government-controlled servers.

The FBI also offered a $3 million reward for Russian hacker Evgeniy Bogachev, who was accused of being the mastermind behind the GameOver Zeus botnet. Bogachev is still at large, and new variants of GameOver Zeus have since emerged.

Methbot

An extensive cybercrime operation and ad fraud botnet known as Methbot was revealed in 2016 by cybersecurity services company White Ops.

According to security researchers, Methbot was generating between $3 million and $5 million in fraudulent ad revenue daily by producing fraudulent clicks for online ads, as well as fake views of video advertisements.

Instead of infecting random devices, the Methbot campaign was run on approximately 800 to 1,200 dedicated servers in data centers located in both the U.S. and the Netherlands. The campaign's operational infrastructure included 6,000 spoofed domains and more than 850,000 dedicated Internet Protocol (IP) addresses, many of which were falsely registered as belonging to legitimate ISPs.

The infected servers produced fake clicks and mouse movements and were able to forge Facebook and LinkedIn social media accounts to appear as legitimate users to fool conventional ad fraud detection techniques.

In an effort to disrupt the monetization scheme for Methbot, White Ops published a list of the spoofed domains and fraudulent IP addresses to alert advertisers and enable them to block the addresses.

Mirai

Several powerful, record-setting DDoS attacks were observed in late 2016 and later traced to a brand of malware known as Mirai. The traffic produced by the DDoS attack came from a variety of connected devices, including wireless routers and closed-circuit television (CCTV) cameras.

Mirai malware was designed to scan the internet for unsecured devices, while also avoiding IP addresses belonging to major corporations and government agencies. After it identified an unsecured device, the malware attempted to log in using common default passwords. If necessary, the malware resorted to brute-force attacks to guess passwords.

Once a device was compromised, it connected to C&C infrastructure and could divert varying amounts of traffic toward a DDoS target. Devices that were infected often still continued functioning normally, making it difficult to detect Mirai botnet activity.

The Mirai source code was later released to the public, enabling anyone to use the malware to create botnets by targeting poorly protected IoT devices.

Addressing vulnerabilities of IoT devices

The increase of connected devices used across modern industries provides an ideal landscape for botnet propagation. Botnets rely on a large network of devices to complete their objective, making IoT -- with its large attack surface -- a prime target. Today's cheap, internet-capable devices are vulnerable to botnet attacks, not only because of their proliferation, but because they often have limited security features. In addition, IoT devices are often easier to hack because they cannot be managed, accessed or monitored in the same way that conventional information technology (IT) devices can. Businesses can work to improve IoT security by putting stricter authentication methods in place.

Disrupting botnet attacks

In the past, botnet attacks were disrupted by focusing on the C&C source. Law enforcement agencies and security vendors traced the bots' communications to wherever the control server was hosted and then forced the hosting or service provider to shut the server down.

However, as botnet malware becomes more sophisticated and communications are decentralized, takedown efforts have shifted away from targeting C&C infrastructures to other approaches. These include identifying and removing botnet malware infections at the source device, identifying and replicating P2P communication methods, and, in cases of ad fraud, cracking down on monetary transactions rather than technical infrastructure.

How to prevent a Botnet Attack

If you have not installed security software and ensured that it is turned on and kept up to date, your machine is likely infected with all kinds of malicious software. Here are a few steps you should take to protect your systems from botnet infiltration:

  • Set your antivirus and antispyware programs to update automatically.
  • Routinely check for browser and operating system updates and patches.
  • Only click internet links or open emails if you trust the source.

Common user risks occur when downloading content from unknown sites or from friends that don't have up-to-date protections and unwittingly pass infected files to other users. When people download compromised files, the malicious code can evade weak security checkpoints which might have tried to quarantine and remove the malware. Always use extreme caution when downloading information or files from someone whose computer is not protected.

Malware developers are always looking for new ways to get around security measures, and there is the risk of infection because of actions taken by you or by another person who used the computer or system. Be sure to use advanced internet security software that can detect and stop viruses and other malware, even if you accidentally click a link, download a file, or take other actions that can let infections onto your machine.

It only takes moments for an unprotected, Internet-connected computer to be infected with malicious software and turned into a bot. Every user should have up-to-date security software on all their devices.

The best protection is to set your anti-virus and anti-spyware programs to automatically update, and to automatically install every patch made available for your operating system and browser.

Do not click on links in unsolicited emails.

Do not click on links from your friends and family if they are not using updated security measures. They may unknowingly transmit an infection on their machine to yours.

While there is no single action that will protect you from all of the cyber risks, by implementing these foundational best practices, you can greatly reduce the likelihood that your computer will be caught in the next botnet.

Preventing botnets with cybersecurity controls

There is no one-size-fits-all solution to botnet detection and prevention, but manufacturers and enterprises can start by incorporating the following security controls:

  • strong user authentication methods;
  • secure remote firmware updates, permitting only firmware from the original manufacturer;
  • secure boot to ensure devices only execute code produced by trusted parties;
  • advanced behavioral analysis to detect unusual IoT traffic behavior; and
  • methods using automation, machine learning and artificial intelligence (AI) to automate protective measures in IoT networks before botnets can cause serious harm.

These measures occur at the manufacturing and enterprise levels, requiring security to be baked into IoT devices from conception and businesses to acknowledge the risks.
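Two of the controls listed above, manufacturer-only firmware updates and secure boot, rest on the same mechanism: the vendor signs each image with a private key that never leaves its build pipeline, and the device carries only the matching public key and refuses anything that does not verify. The Go program below is an added example written for this article (it is not code from the original page or from any vendor mentioned here) showing the device-side check with Ed25519 from Go's standard library, including a version field bound into the signature so that an old, genuinely signed image cannot be replayed as an "update". The key pairs, the firmware bytes, the version numbers and the domain-separation tag are all constructed for the demonstration; a real device would have the vendor key fixed at manufacture rather than generated at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Update is a firmware package as the device receives it: the image, a
// monotonically increasing version, and the vendor's signature over both.
type Update struct {
	Version   uint32
	Image     []byte
	Signature []byte
}

// signingInput hashes the version together with the image so the signature
// covers both; without this, a valid old image could be presented under a
// new version number. The tag is a constructed domain-separation string.
func signingInput(version uint32, image []byte) []byte {
	h := sha256.New()
	var v [4]byte
	binary.BigEndian.PutUint32(v[:], version)
	h.Write([]byte("example-firmware-v1"))
	h.Write(v[:])
	h.Write(image)
	return h.Sum(nil)
}

// SignUpdate is the vendor side: run in the build pipeline with a private
// key that is never shipped to devices.
func SignUpdate(vendorPriv ed25519.PrivateKey, version uint32, image []byte) Update {
	return Update{Version: version, Image: image, Signature: ed25519.Sign(vendorPriv, signingInput(version, image))}
}

// VerifyUpdate is the device side: rollback check first, then signature
// check against the vendor public key burned in at manufacture. Secure boot
// applies the same verification to the installed image at every start.
func VerifyUpdate(vendorPub ed25519.PublicKey, installedVersion uint32, u Update) error {
	if u.Version <= installedVersion {
		return errors.New("rollback rejected: version is not newer than the installed firmware")
	}
	if len(u.Signature) != ed25519.SignatureSize {
		return errors.New("malformed signature")
	}
	if !ed25519.Verify(vendorPub, signingInput(u.Version, u.Image), u.Signature) {
		return errors.New("signature invalid: image is not from the trusted manufacturer")
	}
	return nil
}

// Scenario exercises the four cases a device must get right and reports
// which were accepted. Only the genuine, newer update should pass.
func Scenario() (genuineOK, tamperedOK, wrongKeyOK, rollbackOK bool) {
	// Keys are generated here only for the demo (constructed, not real vendor keys).
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	image := []byte("constructed firmware image bytes")
	const installed = 4

	genuine := SignUpdate(vendorPriv, 5, image)
	genuineOK = VerifyUpdate(vendorPub, installed, genuine) == nil

	// Same signature, one bit of the image flipped in transit.
	tampered := genuine
	tampered.Image = append([]byte{}, image...)
	tampered.Image[0] ^= 0x01
	tamperedOK = VerifyUpdate(vendorPub, installed, tampered) == nil

	// Correct version and image, but signed by a key the device does not trust.
	wrongKey := SignUpdate(otherPriv, 5, image)
	wrongKeyOK = VerifyUpdate(vendorPub, installed, wrongKey) == nil

	// Genuinely signed, but older than what is installed.
	rollback := SignUpdate(vendorPriv, 3, image)
	rollbackOK = VerifyUpdate(vendorPub, installed, rollback) == nil
	return
}

func main() {
	g, t, w, r := Scenario()
	fmt.Printf("genuine accepted=%v tampered accepted=%v wrong key accepted=%v rollback accepted=%v\n", g, t, w, r)
}
```

The check is only as strong as the protection of the two keys: the private key must stay in the vendor's signing environment, and the public key on the device must live in storage the device's own firmware cannot rewrite, which is what a hardware root of trust provides.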

From a user perspective, botnet attacks are difficult to detect because devices continue to act normally even when infected. It may be possible for a user to remove the malware itself, but it is unlikely for the user to have any effect on the botnet as a whole. As botnet and IoT attack vectors increase in sophistication, IoT security will need to be addressed at an industry level.

About the Author: Well, I have a deep interest in learning all about new technological advancements and their impacts as a whole. I have just started with this and will continue with this journey on a weekly basis for the time being.

Anjoum Sirohhi
