Top 5 Botnets of 2017

top botnets 2017

While data breaches and other cyberattacks made major news headlines this year, botnets also had their fair share of the spotlight. When we think of botnets, we usually only think of infected PCs that become part of a “zombie” network used to unleash web attacks after it grows large enough. As the number of internet-connected devices (IoT) grows, so does the number of potential networks and entry points, waiting to be exploited by hackers. Take the vulnerabilities arising from IoT devices, for example. With botnets, users are typically not aware that their devices, whether it be mobile phones, routers, or other household smart devices, can all be part of an elaborate botnet network ready to infect other devices and launch cyberattacks. Here we count down five botnets that emerged in 2017:

1. ‘Star Wars’ Twitter Botnet

With the growth of social media, bots don’t always have to take control of devices to spread malware or launch cyber attacks. While some might dismiss automated bots on Twitter as simply harmless annoyances, they might pose a serious underlying security threat to users of the popular social media platform. Twitter serves as a source of online news, handling around 328 million active users each month, with users sending around 500 million tweets a day. In January, two security researchers discovered a Star Wars-themed Twitter botnet comprised of 350,000 bot accounts, known to tweet random quotes from the movie franchise. The presence of a large botnet like this one may entail unwanted and even significant repercussions. For instance, the bots may send unsolicited spam, create fake trending topics to sway public opinion, launch certain cyberattacks, and so on. Till present, the actual purpose of this botnet is still unclear, but will we see more of it in 2018?

2. Hajime Malware Botnet

The Hajime botnet, named after the Japanese word for “beginning,” first appeared in October of last year, and as of April 2017 has accumulated 300,000 devices. This particular botnet is different from traditional botnets which purposes are typically malicious. Ironically, it is protecting these compromised IoT devices from being infected by additional malware. According to researchers at Kaspersky Lab, the botnet is “in competition” with the Mirai botnet for control over IoT devices. However, no additional malicious activity has been detected or traced by researchers. So far, targets have been limited to DVRs (Digital Video Recorders), web-cameras, and routers. Though the Hajime botnet’s underlying purpose is unclear, there is potential for abuse as the botnet could likely be used as a gateway for hackers to tap into networks and launch more dangerous attacks, like ransomware.

3. WireX Android Botnet

Malicious apps have been rampant all year long. Google’s Play Store in particular has seen a surge of malicious apps and bots disguising themselves as legitimate apps. In August, security researchers first came across the WireX botnet, and in a matter of weeks after its initial discovery, infected networks had numbered in the tens of thousands. The bot network primarily infected Android devices, hiding under system processes and waiting patiently to launch the attacks. Because the apps themselves do not appear malicious after users install them, they evade initial detection. Researchers discovered that the botnet creators may also be using advertising click-fraud software to “repurpose” the bots for launching DDoS attacks. Luckily, Google officials along with a coalition of tech firms like Akamai, Flashpoint, and Oracle Dyn have taken down the botnet, and Google has stated that they were in the process of removing the malware-ridden apps from affected devices.

4. The Reaper IoT Botnet

The Reaper was first discovered in September and is known to “quietly” target known vulnerabilities in wireless IP-based cameras and other IoT devices by running a list of known usernames and passwords against the device. Once a device is infected, it can spread malware to other vulnerable devices, enslaving them into the botnet network. The reaper malware is believed to have infected a million networks, but these numbers don’t always tell the whole story. Security researchers who have closely studied the botnet claim that if the botnet were to launch a DDoS attack, it would pose less of a threat than initially believed and would be easier to stop than the Mirai botnet, which only used 100,000 infected IoT devices. Though the botnet might not bring down the entire Internet, that is not to say we should not fear the Reaper as it has the capabilities to launch SYN-floods, ACK-floods, http floods, and DNS reflection/amplification attacks, which can bring websites down too.

5. Satori IoT Botnet

Dubbed Satori for the Japanese word “awakening,” this botnet emerged almost out of the blue during the first week of December. Security researchers have identified at least 280,000 IP addresses connected to this botnet. Satori appears to be a variant of the Mirai botnet which has already enslaved hundreds of thousands of home routers. Many are calling it the Mirai botnet’s successor. However, unlike Mirai or similar variants of it, the Satori botnet spreads by exploiting a zero-day vulnerability in routers and use a “remote code” execution bug instead of relying on a Telnet scanner to find vulnerable devices to infect with malware. The Satori botnet also behaves and functions more like a worm, in which compromised devices infect each other. The botnet is spreading fast, and many security researchers fear that the Satori botnet is able to launch attacks at any given time.

When it comes to threats of the web, botnets may be the most dangerous of them all. Though they are most often associated with one particular type of cyberattack, DDoS, a botnet can actually do more than just flood a website or network with fake “requests” to knock it offline. They also have the power to flood millions of email inboxes with spam within seconds, launch brute force attacks to crack passwords of vulnerable devices, collect sensitive information from users of infected devices, and more.

As mentioned, IoT has made the problem of botnets much worse. For this reason, there needs to be a greater understanding of how to safeguard IoT devices. This is particularly difficult when vendors and manufacturers don’t always prioritize security. For more on the importance of IoT security, check out our previous blogpost!