Botnets – Why you should know (and fear) them
Jeremy McMaster April 5, 2017
We’ve all been affected by them. These days, they’re as certain as death and taxes. Unlike taxes and death however, most botnets are avoidable. Here’s a primer and some helpful information about how to steer clear of them.
A botnet is a collection of devices, connected to the Internet which can be used to execute coordinated computing tasks for various, usually criminal tasks. Botnets are typically created through malware/virus deployment such as email, infected websites or devices vulnerable to hack/injection.
Botnets are most commonly used for:
- Distributed Denial of Service attacks (DDOS) – Dyn attack, Google, Microsoft
- Spam delivery via distributed networks
- Brute force attack coordination
- Extortion – We will take your website down unless you pay $$$.
- Information control – politically motivated
- Fraud – Distributed pay per click advertising revenue (though Google does it’s best to identify invalid clicks and not charge advertisers)
- And a lot more
A Target Near You
Virtually everyone and every device connected to the internet can be targeted by a botnet.
- Botnets are made to target every OS and device; they don’t care if your operating system is Windows, Apple or Linux, or if you’re working from a Desktop, Laptop or Server
- Cell phones are increasingly targeted
- Websites and webservers make great points of contamination so are often targeted
- Home automation systems (security systems, camera/DVRs, thermostats, locks, smart TVs can all be used
The Hows and Whys
If botnets are avoidable, how come they’re so common? Here are some factors that contribute to the pervasiveness of the problem:
- Lack of education: End users have never been trained properly on what to do and what not to do on the Internet.
- Lazy people: People may know but they are too lazy to do what is required to ensure security. Experts who provide bad service: Systems left not updated and vulnerable.
- Poorly secured hardware: Hardware vendors not spending enough time securing and maintaining/updating hardware.
Botnets and Your Home
Here are some simple things to help keep digital devices in your home secure:
- Use current/supported hardware and make sure it is up to date
- Secure the hardware with a complex password
- All computers/devices should have a paid for antivirus/antimalware solution installed
Botnets and Your Website
Security is no longer an option. If you use an open-sourced CMS (WordPress, Drupal and Joomla are the biggest examples) keep the systems up-to-date by applying the latest patches – especially if they are security updates.
Have a security audit done of your website. Older websites were written using the best coding practices of their day, but if your custom website is over 5 years old, chances are that you’ve got some outdated, or even vulnerable code. The good news is that if you update your code you won’t just make your site safer, you’ll likely make it faster too!
If you sell items on your site, or if your site gets lots of traffic or is ‘mission critical’ to your business, consider using a firewall service that will protect the site from hackers, spam, SQL Injections, DdoS Attacks, etc. while allowing legitimate traffic to safely access your site.
Botnets and the Workplace
Network security isn’t something that you can ‘get around to’. The cost of protecting your workplace from Botnets and other malware is small compared to the time and money lost if you loose hardware and/or data
All the anti-virus protection in the world won’t protect you if you don’t educate yourself about safe email and browsing practices. Here’s a good test, provided by OpenDNS. We’d be happy to come in and do some staff training; we can even make it fun!
Partner with experts. We use the best solutions available to help our clients.
Our passion is to connect people through design and technology. And with today’s technology in place and a little education, we can help you connect to your audience safely.