DDoS Botnets are Evolving

What are Botnets?

At their base level, botnets are essentially a series of net-connected programs designed to link up different computers, the aim being to perform certain tasks. In themselves, bots are not malicious. However, in the last few months they have been used more and more by hackers as part of their assault techniques.

When deployed with malicious intent, bots can be used to control a huge number of computers at once, turning them into “zombie” participants in the attack. This gives hackers a huge wealth of resources for carrying out the attacks, and at no cost. Perhaps the most concerning fact is that many of the computers infected are participating without the knowledge of their owners.

Botnets for rent

Botnets have been more frequently used in recent months to participate in targeted attacks. All of the computers within the “army” can be used to generate a flood of traffic to the victim site, causing the DDoS effect. Some recent attacks have even made use of headless browsers in order to try and disguise traffic as being from legitimate users – this makes it far harder for mitigation companies to identify the threat.

Such is the increase in awareness of botnets that online users are now actually renting the service out. A DDoS botnet rental currently hovers around $200 per day depending on the size of the flood needed. Some sellers even offer a “try before you buy” service.

The evolution of the Botnet

In recent months, botnets have begun to evolve. One example of that comes from a report by a DDoS protection service provider (Incapsula) that saw the hackers take things up to a new level, with a single-source 4Gbps “DDoS Cannon”.

While the 4Gbps in itself is not a monumental assault, the DDoS attack was still able to generate 8 million DNS queries per second to a number of domains, with the traffic originating from spoofed IP addresses. Yet the real question here is: how many such resources can be used at the same time? In other words, if just one single bot can now generate 4Gbps worth of traffic, how much damage can be done by a botnet of 10, 50 or even 10,000 or 100,000 such sources?

It should be noted that the typical size of a DDoS botnet goes way beyond 10,000. Since Incapsula’s report indicates that the 4Gbps assault was executed without the use of DNS amplification, the danger posed by such “Cannons” is all too apparent.

Where is this heading?

It’s now absolutely vital for anyone who relies on their website financially to take their security processes very, very seriously. Even security processes from a year ago may soon be unable to cope with the sheer volume of the attacks now able to be generated from single sources, not to mention the volumes that can be produced by botnets consisting of tens of thousands of such DDoS cannons.

Guest article written by Ella Mason, an experienced freelance writer. Ella specialises in providing useful and engaging advice to small businesses. Follow her on Twitter @ellatmason
