Botnet business: how cybercriminals are making money with your devices

Understandably, the list of people you think should be able to make money using your computer or IoT devices is probably pretty short: you. Maybe someone you really, really like if pushed to name a second.

However, the list of people potentially making money using your computer or devices is much longer than that, and the likelihood is that you don’t know a single one of them and, depending on which money-making scheme they’re using, you might not even realize it’s happening.

Botnets are big business, and you could very well be a part of one.

The basics

A botnet is created when malware infects huge numbers of computers or other internet-connected devices, giving cybercriminals remote control over them and allowing them to be used en masse. Instructions are spread either from a centralized command and control server run by the cybercriminals, or through peer-to-peer communication, where the computers and devices essentially pass instructions to each other.

Botnets are a tremendous tool for malicious actors. Think about it – with a botnet, one person can have control over the computing resources of tens of thousands, hundreds of thousands or even millions of devices. That’s a lot of power, and a lot of money that can be made using it.

In 2018, there are two main ways cybercriminals are making bank with botnets.

The classic botnet money-maker: DDoS attacks

DDoS or distributed denial of service botnets are an oldie but a goodie as far as criminals willing to infect tremendous numbers of devices and use those devices to damage websites and businesses are concerned. Using its collective computing power, a DDoS botnet directs massive amounts of junk traffic or illegitimate requests at a victim website or online service, aiming to either clog the network or consume server-side resources until the website or service is offline or otherwise unavailable to its actual users. DDoS botnets have been around on the internet for decades, but with the growth of the Internet of Things and its billions of poorly secured devices, those botnets have ballooned to previously unimagined sizes capable of record-breaking attacks.

The folks behind DDoS botnets generally use them to make money in two ways. Either they themselves act as professional attackers, unleashing powerful and tailored attacks at targets they’re being paid to take down, or they rent out use of their botnets as DDoS for hire services, otherwise known as booters, stressers or stress-testers. It’s hard to put an estimate on just how much the people behind DDoS botnets can make, but one famous example is teenager Adam Mudd, who managed to rake in over $500,000 USD with approximately 1.7 million attacks from his for-hire botnet.

For business and website owners, the most concerning thing about DDoS botnets is obviously the devastating attacks they create. For computer and device owners? It’s that your devices can be ensnared in any number of these botnets and you would never know if you didn’t go looking with a malware scan (even though you’re likely literally paying the price for these attacks in bandwidth and power costs).

The new botnet money maker: cryptomining

It used to be that if your computer were in a botnet, it was in a DDoS botnet. That was just the way the internet worked. However, with all the hype and money-making opportunities surrounding cryptocurrencies like Bitcoin, that no longer holds true. Earlier this year it was found that a whopping 88% of attacks that attempt to get your computer to install malware are now related to cryptomining.

Cryptomining is a process where a computer works to solve complex mathematical equations in order to verify cryptocurrency transactions and get them entered into the public ledger or blockchain. Cryptomining is one of the single most important processes when it comes to cryptocurrency, and as a result cryptominers are rewarded for their efforts with fractions of cryptocurrency coins. The more computing resources a cryptominer can put towards their cryptomining, the more cryptocurrency he or she can earn. This is, of course, where the botnets come in.

Unlike with those quaint, old-fashioned DDoS botnets, the owners of computers being used in a cryptomining botnet will be well aware that something is amiss because they will likely be unable to use their computer to do anything else while its resources are devoted to cryptomining. Some criminals are just so selfish.
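The sustained load described above is also what makes a mining infection detectable. As an added example (not part of the original article), this Python function flags processes whose CPU use stays pinned across consecutive samples; the sample readings, process names, threshold and streak length are all constructed assumptions.

```python
from collections import defaultdict


def build_constructed_samples():
    """Constructed readings: (minute, pid, process_name, cpu_percent). Not from a real host."""
    samples = []
    for minute in range(8):
        # Bursty interactive use: 20-40% CPU, never pinned.
        samples.append((minute, 101, "browser", 20.0 + 10 * (minute % 3)))
        # Hypothetical miner hiding behind a service-like name: pinned every minute.
        samples.append((minute, 202, "updater-svc", 97.0))
        # Short legitimate job: busy for minutes 2-4 only, then idle.
        samples.append((minute, 303, "video-encode", 95.0 if 2 <= minute <= 4 else 5.0))
    return samples


def sustained_cpu_hogs(samples, threshold=90.0, min_streak=5):
    """Return {(pid, name): longest_streak} for processes that stayed at or
    above `threshold` percent CPU for at least `min_streak` consecutive samples."""
    by_proc = defaultdict(dict)
    for minute, pid, name, cpu in samples:
        by_proc[(pid, name)][minute] = cpu

    flagged = {}
    for proc, readings in by_proc.items():
        longest = current = 0
        prev_minute = None
        for minute in sorted(readings):
            contiguous = prev_minute is not None and minute == prev_minute + 1
            if readings[minute] >= threshold:
                # Extend the streak only if the previous sample was adjacent and also high.
                current = current + 1 if (contiguous and current) else 1
            else:
                current = 0
            longest = max(longest, current)
            prev_minute = minute
        if longest >= min_streak:
            flagged[proc] = longest
    return flagged


if __name__ == "__main__":
    for (pid, name), streak in sustained_cpu_hogs(build_constructed_samples()).items():
        print(f"pid {pid} ({name}): CPU pinned for {streak} consecutive samples")
```

A flagged process is a lead for a malware scan, not proof of infection: long legitimate jobs such as backups or renders produce the same pattern.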

Staying out of the botnet business

With a lot of malware infections it comes down to the web applications you’re using. In a perfect world, those in charge of web applications would keep those applications fully patched and up-to-date and protected with a web application firewall in order to protect all the application’s users.

Since you’ve probably noticed this is not a perfect world, as a device owner you need to do your part by keeping your operating systems as well as browsers patched and updated. For IoT devices this will likely mean hunting down the manufacturer websites and actively looking for those updates and patches. Having complex usernames and passwords is also helpful, as are anti-malware or anti-virus programs and even a personal firewall. Lastly, take a good look at the web applications you’re using or downloading. Are they from a trusted source? Do their permissions make sense? If the answer is no to either of those questions, the answer is probably yes to “is this going to get me looped into a botnet?”

The internet is full of malicious entrepreneurs trying to make a buck (or, well, many bucks) off the back of your computers and devices. Don’t let them. If anyone is going to get rich on your computer it should be you, and if anyone is going to get not-rich on your computer it should still be you.

