CyberInsights
The blog about your IT security

Botnets: Modes of operation, dangers & protective measures


Attack methods such as denial of service, phishing or spam e-mails pose a serious threat to corporate IT security. Such cyberattacks are often carried out by so-called botnets, which multiply their attack power by linking many computers. Find out here how exactly botnets work, why they are so dangerous and how you can protect your company against them.

What are botnets and how do they work?

Botnets fall into the malware category. The bots give cybercriminals unnoticed access to individual computers and link them into a widespread, often global, network. The computers continue to operate separately from each other but are connected via the malware, which lets the attackers communicate with the infected systems and carry out attacks through them. Like a robot or an artificial intelligence, a bot can independently perform tasks in the attackers’ interests. To do this, it can access not only the infected computer’s data, but also company networks and even connected electronic devices such as printers, cameras, or smart TVs.

Botnet setup: how a computer gets infected  

Bots infect a PC or a server in various ways. Like other malware, they enter a system via unsafe websites, unknown email attachments, unfamiliar links or the installation of programs downloaded from the Internet. Once a bot has entered the system, it can be connected to an existing botnet. This network, in turn, is used by cybercriminals for illegal purposes. It is controlled via an additional so-called command-and-control server, through which the cybercriminals can communicate inconspicuously with the bots and initiate data transmission or data theft.
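A bot that waits for instructions from its command-and-control server typically polls that server on a fixed timer, so the defender-side counterpart of the paragraph above is to look for outbound connections that recur at near-constant intervals. The following script is an added example written for this article, not DGC code or part of any DGC product; the connection records, the addresses and the thresholds (five connections, 10 % interval jitter) are all constructed assumptions for illustration.

```python
"""Beacon detection over outbound connection records (added example, not DGC code)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound connection records: "timestamp src dst:port".
# 10.0.0.5 -> 203.0.113.9 is written to call home about every 300 s, the way a bot
# polling its command-and-control server would; 10.0.0.7 is irregular browsing traffic.
SAMPLE_LOG = """\
2024-03-01T09:00:02 10.0.0.5 203.0.113.9:443
2024-03-01T09:00:10 10.0.0.7 198.51.100.20:443
2024-03-01T09:05:01 10.0.0.5 203.0.113.9:443
2024-03-01T09:07:44 10.0.0.7 198.51.100.21:80
2024-03-01T09:10:03 10.0.0.5 203.0.113.9:443
2024-03-01T09:11:12 10.0.0.7 198.51.100.20:443
2024-03-01T09:13:05 10.0.0.7 198.51.100.20:443
2024-03-01T09:15:00 10.0.0.5 203.0.113.9:443
2024-03-01T09:20:02 10.0.0.5 203.0.113.9:443
2024-03-01T09:25:01 10.0.0.5 203.0.113.9:443
2024-03-01T09:31:58 10.0.0.7 198.51.100.20:443
2024-03-01T09:33:20 10.0.0.7 198.51.100.20:443
2024-03-01T09:34:00 10.0.0.7 198.51.100.20:443
"""


def parse_records(text):
    """Parse one record per line into (timestamp, src, dst) tuples; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        records.append((datetime.fromisoformat(ts), src, dst))
    return records


def find_beacons(records, min_connections=5, max_jitter=0.1):
    """Flag (src, dst) pairs that connect repeatedly at near-constant intervals.

    jitter = stddev(gaps) / mean(gaps): human-driven traffic has a high value,
    a bot polling on a timer has a low one. Both thresholds are assumptions to tune.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in records:
        by_pair[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            findings.append({
                "src": src,
                "dst": dst,
                "connections": len(stamps),
                "interval_s": round(avg, 1),
                "jitter": round(jitter, 3),
            })
    return findings


if __name__ == "__main__":
    for f in find_beacons(parse_records(SAMPLE_LOG)):
        print(f"possible beacon: {f['src']} -> {f['dst']} every ~{f['interval_s']}s "
              f"({f['connections']} connections, jitter {f['jitter']})")
```

On the constructed sample only the 10.0.0.5 pair is reported: six connections roughly 300 seconds apart with a jitter well under 1 %, while the irregular 10.0.0.7 traffic is ignored despite having the same number of connections. In a real network the same logic produces hits for legitimate timers too (update checkers, monitoring agents, time synchronisation), so a production version needs an allow-list of known periodic destinations and should be fed from proxy, DNS or flow logs rather than a text file.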

To secure their own infrastructure as well as possible, companies should check their systems and company servers for vulnerabilities and security gaps, for example through regular penetration tests.

Botnet example “Avalanche”

Avalanche was an internationally operating botnet discovered in 2008 that was primarily used for phishing attacks and spam emails. The network comprised a total of 20 different standalone botnets, ranking it among the largest botnet infrastructures ever discovered. Numerous private as well as business computer systems were affected and infected with various malware programs. These included ransomware and banking Trojans, which were used to collect and steal bank data and other confidential information and to use it for extortion. In 2009, for example, Avalanche was responsible for two-thirds of all phishing attempts. At the end of 2016, authorities finally succeeded in dismantling the botnet.

Why do botnets constitute a major threat, especially for enterprises?

Botnets are a powerful tool in the hands of cybercriminals and can be used for many types of attacks. If a company falls victim to such an attack, fast action is required.

Business failure due to botnets

A Distributed Denial of Service attack – DDoS attack for short – can cripple entire servers and cause irreparable damage to businesses. To do this, the bots connected through the network continuously send requests to the web server, for example to call up a specific website. The server is so overloaded by the sheer number of requests that it can only respond slowly or fails completely. If such an attack hits a corporate website, for example, it is unavailable for several hours or days. The consequences are financial losses and damage to the company’s reputation. In addition, a DDoS attack can open up further IT security gaps in the company’s servers, through which viruses or ransomware can penetrate and additionally enable data theft.
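From the web server's side, the attack described above shows up as a request count that jumps far above the normal level while being spread over many sources, each of which sends too little to trip a per-client rate limit. The script below, an added example written for this article and not DGC code, parses Common Log Format access log lines, counts requests per fixed time window and reports flagged windows together with the number of distinct sources and the busiest single source. The log lines, IP addresses, window length and threshold are constructed assumptions.

```python
"""Detecting a request flood in a web server access log (added example, not DGC code)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format line: ip ident user [time] "method path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access log line; returns None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status, _size = m.groups()
    return {"ip": ip, "time": datetime.strptime(ts, TIME_FMT),
            "method": method, "path": path, "status": int(status)}


def _log_line(ip, t, path):
    return f'{ip} - - [{t.strftime(TIME_FMT)}] "GET {path} HTTP/1.1" 200 512'


def build_sample_log():
    """Constructed access log (not real traffic): 60 s of light background traffic from two
    office clients, then 100 requests within 10 s from 25 different addresses, each asking
    for the front page only four times, which is how a botnet flood looks to the server."""
    base = datetime.strptime("01/Mar/2024:10:00:00 +0000", TIME_FMT)
    lines = []
    for i in range(0, 60, 5):
        ip = "198.51.100.10" if (i // 5) % 2 == 0 else "198.51.100.11"
        lines.append(_log_line(ip, base + timedelta(seconds=i), "/news/"))
    for n in range(25):
        for k in range(4):
            t = base + timedelta(seconds=60 + (n * 4 + k) % 10)
            lines.append(_log_line(f"203.0.113.{n + 1}", t, "/"))
    return "\n".join(lines)


def detect_floods(log_text, window_s=10, max_requests=30):
    """Bucket requests into fixed windows and flag windows above max_requests.

    Each finding reports how many distinct sources were involved and how many requests
    the busiest single source sent, so the analyst can tell a distributed flood (many
    sources, few requests each) from one noisy client. Window and threshold are assumptions.
    """
    windows = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        bucket = int(rec["time"].timestamp()) // window_s * window_s
        windows[bucket].append(rec)

    findings = []
    for bucket in sorted(windows):
        recs = windows[bucket]
        if len(recs) <= max_requests:
            continue
        sources = Counter(r["ip"] for r in recs)
        paths = Counter(r["path"] for r in recs)
        findings.append({
            "window_start": datetime.fromtimestamp(bucket, timezone.utc).isoformat(),
            "requests": len(recs),
            "distinct_sources": len(sources),
            "max_per_source": sources.most_common(1)[0][1],
            "top_path": paths.most_common(1)[0][0],
        })
    return findings


if __name__ == "__main__":
    for f in detect_floods(build_sample_log()):
        print(f"{f['window_start']}: {f['requests']} requests from {f['distinct_sources']} "
              f"sources (max {f['max_per_source']} per source), mostly {f['top_path']}")
```

On the constructed log the background windows hold two requests each and pass unnoticed, while the burst window is reported with 100 requests from 25 sources and at most four requests per source. That last figure is the practical point: blocking individual addresses by rate would not have caught this traffic, which is why protection against botnet-driven floods is usually handled upstream (at a CDN, load balancer or the provider's scrubbing service) rather than on the web server alone.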

Detecting a botnet

For users of infected devices, there are usually no signs that a bot has found its way into the system. This is where the expertise of experienced IT service providers is usually needed, especially when it comes to restoring data security. Indications of a botnet infestation can include warnings from installed virus scanners, unfamiliar entries in the task manager or a slowed Internet connection. However, these symptoms alone do not clearly indicate a botnet. For this reason, companies should establish a solid security concept in advance that prevents bots from infecting the company’s internal IT landscape. Specialized IT security providers such as the Deutsche Gesellschaft für Cybersicherheit (DGC) offer various protective measures for this purpose.

Protective measures against botnets and DDoS attacks

Attacks carried out via botnets can develop a high level of attack power. But what specific measures should enterprises take to protect themselves from botnets and DDoS attacks?

  1. Educate employees: Even though a device infected by bots is difficult to detect, companies can counteract a botnet attack. If phishing emails or deceptive websites are recognized early, the risk of bots entering company servers in the first place is reduced. Special security awareness training helps companies raise cybersecurity awareness among their workforce and management personnel.
  2. Adequately protect devices: To secure every single device in the company, protection programs such as virus scanners should be kept up to date and updated regularly. To minimize the attack surface, it is also advisable to remove devices that do not strictly need an Internet connection from the network; these can be printers or monitors, for example. To identify security gaps and weak points within one’s own IT infrastructure, it is a good idea to use IT security tools such as cyberscan.io® from DGC.
  3. Ensure help in case of emergency: If an attack takes place despite the protective measures, its extent must be limited as quickly as possible, ideally in collaboration with experienced IT security analysts such as the team at DGC’s Cyber Defense Operation Center (CDOC). This way, cyber attacks are noticed and averted more quickly. In addition, CDOC experts develop contingency plans for companies that include remediation measures and recovery options.

Follow a holistic approach

Botnets can cause grave damage to companies due to their widespread distribution and interconnectedness. This is also demonstrated by prominent cases, such as the Avalanche botnet. Therefore, it is advisable to optimize existing security measures and to consult experienced experts. This ensures lasting protection and reduces the risk of a successful botnet attack.  

Contact us and let us advise you on all aspects of cybersecurity.  
