In a significant victory against cybercrime, an international law enforcement team has successfully dismantled the massive "911 S5" botnet, which has been operational for almost a decade. This extensive network, believed to be the largest of its kind globally, involved approximately 19 million compromised computers. As part of the operation, authorities also apprehended a Chinese national linked to the botnet.
The botnet, active in over 190 countries, was rented out to other criminals, who routed their traffic through the infected machines to carry out a range of illegal activities. FBI Director Christopher Wray pointed to its global impact, saying it facilitated financial fraud, identity theft, and access to child exploitation materials. The Department of Justice added that the botnet was used in bomb threats and cyberattacks, and estimated the resulting losses in the billions of dollars.
It was also linked to more than 613,000 IP addresses in the US. According to Wray, authorities seized the botnet's internet infrastructure and related assets and took action against YunHe Wang, believed to be its administrator, and his partners.
What is a Botnet Attack?
Botnets are networks of compromised computers or connected devices that cybercriminals have infected with malware and control remotely for malicious purposes. These devices form a "zombie army" that operates without the knowledge of their owners, and the sheer number of them, spread across many networks and countries, is what makes a botnet valuable to an attacker.
Common Botnet Attacks
Brute Force Attack: Cybercriminals use brute force when they do not have the target's password(s). Specialized software rapidly and repeatedly guesses passwords against the targeted service, which tells the attacker in real time whether each attempt succeeded. A botnet makes this far more effective: spreading the guesses across thousands of source IP addresses keeps each individual IP below the failed-login threshold that would normally trigger a lockout or rate limit. Attackers may also seed their guesses with leaked credentials or personal information (credential stuffing) to improve their odds.
Distributed Denial of Service (DDoS) Attacks: One of the most prevalent botnet attacks is the Distributed Denial of Service (DDoS) attack, in which thousands of infected devices send a service far more traffic than it can handle, causing it to crash or become unreachable and disrupting normal operations. A notable example is the 2016 Mirai botnet attack on the DNS provider Dyn, which caused significant outages and performance issues in various regions for major websites such as Twitter and SoundCloud.
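The two attacks above share a tell-tale signature in server logs: many source IPs acting on one target at once. The following is an added example, not code from the original article or from any investigation of 911 S5. It builds a constructed web access log (synthetic, with RFC 5737 documentation addresses) and runs three checks over it: a naive per-IP lockout count, which the botnet deliberately stays under; a per-account detector that counts distinct source IPs behind the failed logins and notes whether a login later succeeded; and a per-path request-rate detector for the flood. All thresholds, the log format, and the function names are this example's own choices.

```python
from datetime import datetime, timedelta

# Constructed sample access log (synthetic; not from any real system).
# One request per line: "<ISO timestamp> <src_ip> <method> <path> <user> <status>"
# "user" is "-" for requests that are not login attempts. POST /login with
# status 401 is a failed login; status 200 is a successful one.
def build_sample_log():
    base = datetime(2024, 5, 29, 10, 0, 0)
    lines = []
    # A legitimate user mistypes a password twice, then logs in, all from one IP.
    for i, status in enumerate((401, 401, 200)):
        ts = base + timedelta(seconds=30 * i)
        lines.append(f"{ts.isoformat()} 192.0.2.7 POST /login bob {status}")
    # Distributed brute force on "alice": 12 bots, two guesses each, so no
    # single IP ever reaches a per-IP lockout threshold of five failures.
    for bot in range(12):
        ip = f"203.0.113.{10 + bot}"
        for guess in range(2):
            ts = base + timedelta(seconds=20 * bot + 5 * guess)
            lines.append(f"{ts.isoformat()} {ip} POST /login alice 401")
    # A 13th bot submits the correct password: the account is now compromised.
    ts = base + timedelta(seconds=250)
    lines.append(f"{ts.isoformat()} 203.0.113.99 POST /login alice 200")
    # Flood of GET / from 20 bots: 60 requests inside ten seconds.
    for i in range(60):
        ip = f"198.51.100.{1 + i % 20}"
        ts = base + timedelta(seconds=600, milliseconds=160 * i)
        lines.append(f"{ts.isoformat()} {ip} GET / - 200")
    return "\n".join(lines)

def parse_log(text):
    """Return events sorted by time as (ts, ip, method, path, user, status)."""
    events = []
    for line in text.splitlines():
        ts, ip, method, path, user, status = line.split()
        events.append((datetime.fromisoformat(ts), ip, method, path, user, int(status)))
    return sorted(events, key=lambda e: e[0])

def failed_logins(events):
    return [e for e in events if e[2] == "POST" and e[3] == "/login" and e[5] == 401]

def per_ip_lockouts(events, threshold=5):
    """Naive control: IPs with at least `threshold` failed logins."""
    counts = {}
    for _, ip, *_ in failed_logins(events):
        counts[ip] = counts.get(ip, 0) + 1
    return {ip for ip, n in counts.items() if n >= threshold}

def distributed_credential_attacks(events, min_sources=5, window=timedelta(minutes=10)):
    """Accounts whose failed logins come from >= min_sources distinct IPs within
    `window`, plus whether any login for that account succeeded afterwards."""
    by_user = {}
    for e in failed_logins(events):
        by_user.setdefault(e[4], []).append(e)
    findings = {}
    for user, fails in by_user.items():
        peak = 0
        for i, (start, *_) in enumerate(fails):
            ips = {f[1] for f in fails[i:] if f[0] - start <= window}
            peak = max(peak, len(ips))
        if peak >= min_sources:
            first_fail = fails[0][0]
            success_after = any(e[2] == "POST" and e[3] == "/login" and e[4] == user
                                and e[5] == 200 and e[0] > first_fail for e in events)
            findings[user] = {"sources": peak, "success_after": success_after}
    return findings

def request_floods(events, window=timedelta(seconds=10), max_per_window=30):
    """Paths whose request count inside any sliding `window` exceeds max_per_window."""
    by_path = {}
    for e in events:
        by_path.setdefault(e[3], []).append(e)
    findings = {}
    for path, reqs in by_path.items():
        best = (0, set())
        for i, (start, *_) in enumerate(reqs):
            hits = [r for r in reqs[i:] if r[0] - start <= window]
            if len(hits) > best[0]:
                best = (len(hits), {r[1] for r in hits})
        if best[0] > max_per_window:
            findings[path] = {"peak_requests": best[0], "sources": len(best[1])}
    return findings

if __name__ == "__main__":
    events = parse_log(build_sample_log())
    print("per-IP lockouts:", per_ip_lockouts(events))        # empty: the botnet stays under the radar
    print("distributed credential attacks:", distributed_credential_attacks(events))
    print("request floods:", request_floods(events))
```

The per-IP check returns nothing because every bot makes only two attempts, which is exactly why attackers rent a botnet for this job; the per-account view flags alice with 12 distinct sources followed by a successful login, and the flood detector flags `/` with 60 requests from 20 sources in one window. In production the same logic would run over a streaming window rather than a whole file, and the thresholds would be tuned against the site's normal traffic.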
Spam and Phishing Botnets: Botnets are often used to send massive volumes of spam email as part of phishing campaigns, with each infected machine acting as a sender so that no single source can simply be blocklisted. These emails aim to deceive recipients into divulging sensitive information or login credentials. Phishing not only compromises individual accounts but can also expand the botnet by luring more victims into installing the malware.
Device Bricking: These attacks infect devices with malware that wipes or corrupts their storage or firmware, often to destroy evidence of an earlier intrusion. This renders the devices completely inoperative, essentially turning them into "bricks." Such attacks are typically the final phase of a multi-stage operation, leaving the affected devices useless once the attacker no longer needs them.
What Can You Do?
Keep Software Updated: Regularly update system and device software, especially on lesser-used devices that are easy to forget about. Apply security updates promptly after release.
Secure IoT Configurations: Change default login credentials, since lists of factory defaults are exactly what botnet malware tries first, and remove outdated or unused devices from the network to eliminate potential attack vectors.
Limit Device Access: Restrict and monitor access to IoT devices. Place them on a separate network segment or air-gap them from critical systems to contain the impact of a compromise, and watch for unexpected outbound connections from them, which are a common sign a device has joined a botnet.
Enhance Authentication: Enable multi-factor authentication and limit the number of users with access to IoT devices.