The Unrelenting Rise of Botnets

The new world of scalable botnets is leading to new types of security threats.

Black background with color images and scanned face
NETSCOUT

As the world has moved to scalable online services for everything from video streaming to gaming to messaging, it’s really no surprise that malware has followed close behind. Specifically, threats such as botnets are evolving and scaling at such speeds that it’s more important than ever for organizations to proactively manage potential security threats from them. 

Botnets, a portmanteau or blend of the phrase robot networks, are collections of malware-infected computing resources that can be used to attack any connected target system. They’re a growing risk for every organization, enabling threats that range from stealing passwords and gaining access to corporate systems to disruptive attacks that shut down entire networks or even hijack corporate data with ransomware.

The Botnet Evolution
As detailed in Botnets Multiply and Level Up, a part of the 1H 2022 DDoS Threat Intelligence Report, botnet threats are continuing to evolve in a variety of ways—from accelerated growth to new types of attacks to more-sophisticated ways of hiding. In short, botnets are a bigger risk to corporate security than ever before. 

Although botnets have been around since the 1990s, they’ve grown staggeringly fast, especially over the past year. As the report notes, in the first half of 2022 alone, there were more than 67 million connections from more than 600,000 unique IP addresses across 30,000 organizations and 168 countries.

In fact, NETSCOUT botnet tracking metrics showed significant growth in the first half of 2022, with the number of high-confidence botnet nodes growing from 21,226 in Q1 to more than 488,000 in Q2. More nodes mean more—and perhaps more complex—botnet attacks in the future.

And just as major software providers continue to innovate by delivering solutions that are faster, more sophisticated, and easier to use, innovation is also driving botnet security threats. For example, there are new “DDoS for hire” services that make it easier than ever for anyone to launch coordinated and complex attacks on target companies, organizations, or industries. The goal of such activity is often to distract security teams with DDoS while attackers are actively working to exfiltrate data and also use ransomware to lock it up and make it inaccessible. 

In addition, the research showed a significant uptick in botnet direct-path attacks from the second half of 2021 to the first half of 2022, resulting in more application-layer attacks. This increase in the number of direct-path attacks highlights the continuing shift from traditional reflection/amplification DDoS attacks to more direct-path ones. 

Proactive Defense Is Key
Botnet innovations don’t stop with DDoS-for-hire platforms and an increase in direct-path attacks. Many botnets are adding additional capabilities to make themselves harder to detect. For example, the Mirai family of malware recently started taking advantage of SOCKS5 proxies. By integrating the use of SOCKS5 proxies into its communications protocol, the malware can thwart analysis and mitigation of compromised nodes, making itself more lethal and harder to detect and stop.
 
Although organizations can’t be sure from where the next security attacks will come or exactly what they may look like, organizations can be sure of one thing—botnets will continue to evolve at a serious pace, adding new capabilities while scaling up for even greater threats. 

Unfortunately, no one is safe from these ever-evolving botnet threats. Attacks can be motivated by financial considerations, revenge, geopolitical goals, ransom opportunities, or just malicious intent. Everyone from gamers to financial corporations to organizations that might have geopolitical enemies are at a greater risk from more-sophisticated botnet attacks.

As a result, all types of organizations must be more proactive in defending themselves against these types of attacks or risk possible disruptions to their business, their services, their reputations, and their bottom lines.

For more expert insights into DDoS attack statistics and botnet risks, read the NETSCOUT 1H 2022 DD0S Threat Intelligence Report.