Botnets have evolved to rely on weak passwords, vulnerability exploits, and phishing emails as their main means of propagation and intrusion. Attackers waiting for an opening tend to strike in the window between a vulnerability's public disclosure and its remediation, when many systems are exposed but not yet patched. Botnet operators in particular weaponize newly disclosed vulnerabilities quickly so as to compromise new hosts and grow their bot population before defenders catch up. Vulnerability exploitation is therefore clearly a capability attackers prize.
In terms of covertness and profit-making, the Botnet-as-a-Service (BaaS) model has matured: each component of a botnet operates more independently of the others, and an individual C&C server is deliberately limited to controlling a smaller number of bots, so that the takedown or detection of one server exposes only a fraction of the infrastructure.
This shows that cybercrime groups keep increasing their illicit profits by dividing responsibilities among the participants in the chain, streamlining attack operations, reaching more targets, and lowering the cost of each attack.
To pose a serious threat via botnets, different malware families tend to work closely with one another, compounding the security challenges faced by individuals and enterprises. Meanwhile, certain APT groups maintain cooperation with botnet groups, relying on the botnets' increasingly mature technical frameworks and existing infrastructure to lay the groundwork for attacks and to hide their own traces. Because the APT activity is blended into ordinary botnet traffic, this makes attack detection considerably harder.
Botnets built by these malware families proved highly destructive in 2019, exhibiting a greater degree of industrialization and becoming more aggressive. Their operators also never slacken their pace in devising new tactics to carry out more devastating attacks. In response, security practitioners must keep pace with the perpetrators and take a range of precautionary measures against the ever-increasing botnet threat.
Defenders, however, operate under constraints of their own. In addition, although the network environment is growing ever more complex with the emergence of new technologies, a general lack of security awareness among users persists. Together, these factors make it hard to nip security hazards in the bud.
In view of these facts, enterprises should patch and upgrade systems in a timely manner and provide security education for employees. Security vendors, for their part, should identify the phases of an attack more accurately and strengthen cooperation with other parties. Realistically, these measures cannot completely stop the propagation of botnets, but they do yield threat intelligence that can be used to fight them.
We should anatomize the working principles of botnets and analyze the botnet industrial chain in depth to identify the internal changes in, and the associations between, different botnets. In this way we can uncover the attackers' entire process of crafting and spreading malware and turning a profit, providing intelligence for security defenses and helping law enforcement agencies crack down on botnets to secure the Internet ecosystem.