What does botnets mean?

01 September 2017

What does it mean? 

A Botnet is a network of hijacked computers or internet connected devices co-opted by threat actors to collectively carry out a cyber attack. Once infected by malware, the ‘bot-master’ is able to control an army of computers and/or devices to create a single attack group, usually without the owners’ knowledge. 
Botnets first appeared around 2004 but can now be easily rented out on the dark web. Some of the biggest Botnets, such as BredoLab, are thought to have infected tens of millions of computers, while the adware Botnet Stantinko was only discovered this year having operated covertly on over half a million devices for five years. 

Botnets are commonly used to spread malware or carry fraud and spamming campaigns, but they are also used to carry out distributed denial-of-service (DDos) attacks. Some Botnets are relatively harmless, for example, running in the background of an infected device to divert web browsers to certain online advertisements. 

However, they have also been used to carry out some of the largest and devastating cyber attacks. In October 2016 the Mirai Botnet overwhelmed internet infrastructure provider Dyn with a large-scale distributed denial of service (DDoS), disrupting services at Twitter, Paypal, Spotify, Amazon and others. The attack was one of the largest of its kind yet. 

Why does it matter? 

Botnets are becoming even more of a concern with the growth of the Internet of Things, connected devices that are increasingly embedded in consumer goods, buildings, infrastructure, transport and the workplace. 

Gartner estimates that more than 50% of major new business processes and systems will include an IoT component by 2020. But IoT devices often lack adequate cyber security and hackers are increasingly looking to enrol connected devices in their Botnets. The Dyn attack was notable for its use of an estimated 100,000

IoT devices, including webcams, while internet routers have also been targeted by Botnet hackers. 
IoT cyber attacks have exploded in the first half of 2017, according to a report from F5 labs. According to the report, IoT attacks grew 280% in the first half, in part due to the continued use of the Mirai Botnet. Research also suggests Botnet DDos attacks may also be getting longer. One attack in the second quarter of 2017 lasted 277 hours.

In addition to contributing to a Botnet cyber-attack, an infected computer or IoT device could give rise to third party liability. If the cyber security of a device or IT system is found to be wanting, the device owner and/or manufacturer could potentially be liable for damages resulting from an attack.

For further information, please contact Sarah Stephens, Head of Cyber, Content and New Technology Risks on cyber@jltgroup.com



Find out more

Read our Cyber Risks & Insurance Insights

Read more

Receive our monthly cyber risk newsletter