
Botnets - How Infected Device Networks Operate


A botnet is a network of numerous computers and devices infected with malware that are remotely controlled by an attacker. Infected devices are called "bots" or "zombies" and, without their owners noticing, are used for malicious activities such as DDoS attacks, sending spam email, and credential stuffing. The 2016 Mirai botnet commanded roughly 600,000 IoT devices and caused large-scale internet outages. In 2024, Mirai variants remain highly active, and attacks targeting IoT devices are on the rise.

The Structure of a Botnet

Traditional botnets were centralized, built around a C&C (Command and Control) server, but in recent years P2P botnets have also been increasing. A centralized botnet can be neutralized by cutting off the C&C server, whereas in a P2P botnet the nodes communicate directly with one another, so there is no single point of failure and takedown is difficult. As IoT devices have proliferated, the number of cases in which routers, cameras, and other devices with weak security are incorporated into botnets has surged. Books on botnets and cybercrime (Amazon) offer a more detailed look.

Real-World Use Cases

"A SOC alert detected periodic communication from multiple endpoints on our internal network to the same C&C server. The investigation revealed that three PCs had been incorporated into a botnet, so we immediately isolated them from the network and carried out remediation."
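The alert in the account above rests on one observable: several internal hosts contacting the same external address at near-constant intervals. The following script is an added example, not code from the article or from any SOC product, that implements that check over a constructed connection log in a made-up "epoch seconds, source IP, destination" format. The IP addresses, the 60-second beacon period, and the thresholds (at least five connections per pair, coefficient of variation of the inter-connection interval no greater than 0.1) are assumptions for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log, one connection per line: "<epoch_seconds> <src_ip> <dst_ip>:<dst_port>".
# 10.0.0.11/.12/.13 reach 203.0.113.50:443 about every 60 s (beaconing, jittered by a few seconds);
# 10.0.0.20 reaches 198.51.100.7:443 at irregular intervals that average ~60 s but are not periodic,
# and touches 203.0.113.50:443 exactly once (too few samples to judge).
SAMPLE_LOG = """\
1700000000 10.0.0.11 203.0.113.50:443
1700000003 10.0.0.20 198.51.100.7:443
1700000005 10.0.0.12 203.0.113.50:443
1700000010 10.0.0.13 203.0.113.50:443
1700000015 10.0.0.20 198.51.100.7:443
1700000050 10.0.0.20 203.0.113.50:443
1700000061 10.0.0.11 203.0.113.50:443
1700000065 10.0.0.12 203.0.113.50:443
1700000070 10.0.0.13 203.0.113.50:443
1700000097 10.0.0.20 198.51.100.7:443
1700000102 10.0.0.20 198.51.100.7:443
1700000119 10.0.0.11 203.0.113.50:443
1700000124 10.0.0.12 203.0.113.50:443
1700000131 10.0.0.13 203.0.113.50:443
1700000180 10.0.0.11 203.0.113.50:443
1700000186 10.0.0.12 203.0.113.50:443
1700000190 10.0.0.13 203.0.113.50:443
1700000241 10.0.0.11 203.0.113.50:443
1700000245 10.0.0.12 203.0.113.50:443
1700000250 10.0.0.13 203.0.113.50:443
1700000260 10.0.0.20 198.51.100.7:443
1700000299 10.0.0.11 203.0.113.50:443
1700000301 10.0.0.20 198.51.100.7:443
1700000305 10.0.0.12 203.0.113.50:443
1700000311 10.0.0.13 203.0.113.50:443
"""


def parse_connections(log_text):
    """Group connection timestamps by (src, dst) pair; timestamps are sorted per pair."""
    by_pair = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        by_pair[(src, dst)].append(int(ts))
    return {pair: sorted(times) for pair, times in by_pair.items()}


def interval_stats(times):
    """Return (mean interval, coefficient of variation) for a sorted timestamp list.
    CV = stdev / mean: a CV near zero means near-constant spacing, i.e. periodic traffic.
    Note that the average rate alone does not separate the cases; only the regularity does."""
    intervals = [b - a for a, b in zip(times, times[1:])]
    avg = mean(intervals)
    return avg, (pstdev(intervals) / avg if avg else float("inf"))


def detect_beacons(log_text, min_connections=5, max_cv=0.1):
    """Return {(src, dst): (mean_interval, cv)} for pairs whose spacing is periodic.
    min_connections avoids judging periodicity from too few samples."""
    flagged = {}
    for pair, times in parse_connections(log_text).items():
        if len(times) < min_connections:
            continue
        avg, cv = interval_stats(times)
        if cv <= max_cv:
            flagged[pair] = (avg, cv)
    return flagged


def shared_destinations(beacons, min_hosts=2):
    """Group beaconing pairs by destination. A destination that several internal hosts
    beacon to is the pattern the SOC alert in the text describes."""
    hosts_by_dst = defaultdict(set)
    for src, dst in beacons:
        hosts_by_dst[dst].add(src)
    return {dst: sorted(hosts) for dst, hosts in hosts_by_dst.items() if len(hosts) >= min_hosts}


if __name__ == "__main__":
    beacons = detect_beacons(SAMPLE_LOG)
    for (src, dst), (avg, cv) in sorted(beacons.items()):
        print(f"periodic: {src} -> {dst} every {avg:.1f}s (cv={cv:.3f})")
    for dst, hosts in shared_destinations(beacons).items():
        print(f"candidate C&C {dst}: {len(hosts)} internal hosts beaconing: {', '.join(hosts)}")
```

The irregular host deliberately averages about the same 60 seconds as the beaconing hosts, so a detector keyed on connection rate alone would not separate them; the coefficient of variation of the gaps does. On real data the thresholds need tuning, because software updaters and monitoring agents also poll on fixed schedules, which is why the second stage (several hosts to one previously unseen destination) matters before anyone is isolated.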

[Figure: The Structure of a Botnet. Panel 1, Centralized (C&C model): Attacker → C&C server → Bot, Bot, Bot. Panel 2, P2P (distributed model): Bot, Bot, Bot, Bot, connected to one another with no central server.]

A Concrete Damage Scenario

A common misconception is that "even if my device is incorporated into a botnet, there is no real harm." In reality, the device's processing power and network bandwidth are consumed, which not only slows it down but can also expose you to legal risk by serving as a stepping stone for criminal activity. For example, when a home router is left with its default password, cases have been confirmed in which it is incorporated into a botnet within a few hours.

How to Prevent Infection

It is important to keep your device firmware up to date and to always change the default password. Set a strong, random password on your router and IoT devices to prevent them from being incorporated into a botnet. A suspicious increase in traffic or a slowdown in device performance may be a sign of infection. Books on network monitoring (Amazon) are also a useful reference.
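The "suspicious increase in traffic" sign can be checked per device against its own history. The script below is an added example, not code from the article, that compares each device's outbound volume on the day under review with a robust baseline built from the previous days. The device names, byte counts, baseline length, and thresholds are constructed for illustration; the point it demonstrates is why the baseline uses median and MAD rather than mean and standard deviation.

```python
from statistics import median

# Constructed per-device daily outbound byte counts: seven baseline days, then the day under review.
# "cam-01" is an IP camera whose outbound volume jumps on the review day; the others stay flat.
# "tv-01" had one legitimate spike in its history (a long streaming session), which must not
# inflate its baseline so much that a real jump later goes unnoticed.
BASELINE_DAYS = {
    "router-01": [1_200_000, 1_350_000, 1_100_000, 1_280_000, 1_190_000, 1_400_000, 1_250_000],
    "cam-01":    [300_000, 310_000, 295_000, 305_000, 320_000, 290_000, 300_000],
    "tv-01":     [800_000, 5_000_000, 750_000, 820_000, 790_000, 810_000, 805_000],
}
REVIEW_DAY = {"router-01": 1_300_000, "cam-01": 4_800_000, "tv-01": 830_000}


def robust_baseline(samples):
    """Return (median, MAD). MAD = median absolute deviation from the median.
    A single past outlier barely moves either value, unlike mean and standard deviation."""
    med = median(samples)
    mad = median(abs(s - med) for s in samples)
    return med, mad


def flag_volume_anomalies(baseline, today, min_ratio=3.0, mad_multiplier=6.0):
    """Return {device: ratio_to_median} for devices whose outbound bytes today are
    at least min_ratio times their median AND above median + mad_multiplier * MAD.
    Requiring both keeps a device with a naturally noisy baseline from being flagged
    by a modest bump, and keeps a device with a near-constant baseline (MAD ~ 0) from
    being flagged by a tiny change."""
    flagged = {}
    for device, history in baseline.items():
        if device not in today or not history:
            continue  # no observation for this device on the review day
        med, mad = robust_baseline(history)
        if med == 0:
            continue  # a device that never talked out before needs a different rule
        value = today[device]
        ratio = value / med
        if ratio >= min_ratio and value > med + mad_multiplier * mad:
            flagged[device] = ratio
    return flagged


if __name__ == "__main__":
    for device, ratio in flag_volume_anomalies(BASELINE_DAYS, REVIEW_DAY).items():
        med, mad = robust_baseline(BASELINE_DAYS[device])
        print(f"{device}: {REVIEW_DAY[device]:,} bytes out, {ratio:.1f}x its median of {med:,} (MAD {mad:,})")
```

A device that suddenly sends many times its usual volume while nothing on it has changed is worth a look, but volume alone is a weak signal; combine it with where the traffic goes and how regular it is, and treat a flag as a reason to check the device's firmware version and credentials rather than as proof of infection.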
