The Rise of Botnet and DDoS Attacks


By: Amr Alashaal, Regional Vice President –


Distributed Denial of Service (DDoS) attacks have become an ongoing threat to organizations. Any entity with an online presence can become a DDoS target.


What is a Botnet? 

The bots that make up a botnet can include computers, smartphones, virtualized machines, and a wide range of Internet of Things (IoT) devices such as IP cameras, smart TVs, routers, and even children’s toys, i.e., anything with an internet connection.


What Do Botnets Do?

Botnets are used for four main purposes, and generally, a botnet can be switched as a whole or in parts between any of these functions.


1. Spam and Phishing

Bots enable spammers to avoid the problem of their IP addresses getting blacklisted; even if some bots get blacklisted, the botnet still supplies thousands of backup IPs. Targeted botnet spam is used in phishing aimed at identity theft. By generating huge volumes of spam email inviting recipients to visit promotional websites, websites impersonating banks and other financial institutions, and fake competitions, scammers try to harvest personal information such as bank account details, credit card data, and website logins.


2. Pay-per-Click Fraud

To increase website advertising revenues, botnets hijack the pay-per-click advertising model by faking user interaction. Because of the distributed nature of the click sources, it’s hard for advertising networks to identify click fraud.


3. Cryptomining

An IoT botnet is the perfect platform for cryptomining. By running the algorithms that mine cryptocurrencies on tens of thousands of bots, hackers steal computing power from the device owners, creating significant revenue without the usual costs of mining, like electricity.


4. DDoS Attacks-as-a-Service

DDoS attacks are easily launched using botnets, and as with botnet-generated spam, the bots’ distributed nature makes it difficult for organizations to filter out DDoS traffic. Botnets can execute any DDoS attack and even launch multiple attack types simultaneously.

A relatively new hacker business is DDoS-as-a-Service. Individuals can buy DDoS attacks for as little as $5 per hour on certain websites across both the Dark Web and the regular web, with prices scaling based on the attack’s scale and duration.


Botnet Command and Control 

The latest botnet command and control communications are based on peer-to-peer (P2P) connections. In this model, compromised devices discover each other by scanning IP address ranges for services on specific ports and protocols, and they share lists of known peers and commands with any botnet members they identify.
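The peer discovery described above leaves a recognizable trace in flow logs: one device contacting many distinct addresses on a single port and protocol, with few of them answering. The following is an added example, not part of the original article, showing one way a defender could flag that pattern; the flow-record layout, the thresholds, port 40123, and all addresses are constructed assumptions.

```python
from collections import defaultdict

def build_sample_flows():
    """Constructed flow records: (src, dst, dst_port, proto, answered)."""
    flows = []
    # Hypothetical IP camera sweeping a range on one port; 3 of 40 targets answer.
    for i in range(1, 41):
        flows.append(("10.0.0.50", f"198.51.100.{i}", 40123, "tcp", i in (7, 19, 33)))
    # Internal DNS resolver: many destinations, but all answer (normal fan-out).
    for i in range(1, 31):
        flows.append(("10.0.0.2", f"203.0.113.{i}", 53, "udp", True))
    # Workstation browsing a handful of sites: too few targets to be a sweep.
    for i in range(1, 6):
        flows.append(("10.0.0.7", f"192.0.2.{i}", 443, "tcp", True))
    return flows

def find_peer_scanners(flows, min_targets=20, max_answer_ratio=0.2):
    """Flag (src, port, proto) tuples that probe many hosts with few answers."""
    targets = defaultdict(set)    # every distinct destination probed
    answered = defaultdict(set)   # destinations that actually responded
    for src, dst, port, proto, ok in flows:
        key = (src, port, proto)
        targets[key].add(dst)
        if ok:
            answered[key].add(dst)
    findings = {}
    for key, dsts in targets.items():
        ratio = len(answered[key]) / len(dsts)
        # Wide fan-out alone is not enough (see the resolver); require a low
        # answer ratio too, which is what blind range scanning produces.
        if len(dsts) >= min_targets and ratio <= max_answer_ratio:
            findings[key] = {
                "targets": len(dsts),
                "answer_ratio": round(ratio, 3),
                # Responders are candidate peers worth investigating or blocking.
                "responders": sorted(answered[key]),
            }
    return findings

if __name__ == "__main__":
    for (src, port, proto), info in find_peer_scanners(build_sample_flows()).items():
        print(f"{src} swept {info['targets']} hosts on {port}/{proto}; "
              f"responders: {info['responders']}")
```

The thresholds need tuning per network: legitimate scanners and monitoring systems also fan out widely and should be allow-listed by source.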


The Future of Botnet and DDoS Attacks and How to Respond 

Botnets are here to stay. All IT teams should prepare to deal with a botnet and DDoS attack. The first step is to realize that no online property or service is too big or too small to be attacked.


Secondly, organizations should plan for increased bandwidth, ideally on an as-needed basis. The ability to scale up an internet connection will make it harder for a botnet and DDoS attack to saturate access and isolate an organization from the internet. 


Thirdly, organizations should consider using or expanding their content delivery network (CDN) to increase client-side delivery bandwidth. The use of multiple CDNs also increases resilience to DDoS attacks. 


Finally, businesses should strengthen everything. Strategically deploying hardware and software DDoS mitigation services throughout organizational infrastructure is key to reducing the potential impact of a botnet and DDoS attack.