Operators on underground cybercriminal forums have realized that botnets can bring
substantial financial gain. Therefore, they promote botnets and collect fees in
exchange. So far, numerous cases have been reported in which high-profile
and infamous cybercriminal groups rent out their malware kits, a phenomenon known as
DDoS-as-a-Service. In return, they earn money and in some cases a portion of the
loot. Such services cost as little as $19 per month.
Moreover, the cybercriminals behind botnets are quite adept at digital marketing and
technological trends. They use website banners and weekly advertisements to attract
potential buyers to their services.
Quick Challenge
Design a new implementation strategy which can help in stopping botnet attacks.
Examples of Botnet Attacks
The following large-scale attacks show how the botnet has managed to become one of the
leading security challenges for IT.
Torii
When Torii emerged, cybersecurity experts were quick to notice that it was much more
sophisticated than previous botnets. Experts especially noticed how advanced it was
when compared with the variants of the QBot and Mirai botnets. This analysis came from the
research think tank of Avast itself.
The first security analyst to discover Torii via his “honeypot” reviewed the script of
the malware and explained that, unlike the creators of Mirai’s variants, the creator of Torii
was extremely skilled, judging by the quality of the code.
According to Avast, the malware was developed by an individual who was already
experienced with botnets and how they work. This finding differed from the Mirai variants,
which were expected to have been made by a rookie. It is important to note that the code of
the original Mirai botnet was made open source back in 2016. Since then, many cybercriminals
have modified it to pursue their own ambitions.
Researchers also pointed out that Torii used the latest techniques in its operation.
They explained that it incorporated several modern techniques for stealing sensitive
data, while its architecture was modular in nature. This structure of the code helped it to fetch
and run a wide range of executables and commands via various layers through an encrypted
communication model.
While the exact date of the botnet's first appearance is not clear, security professionals
believed that it has been making the rounds since 2017, and its attack strategies are vastly
different from those of other botnet variants. What makes it truly lethal for IoT devices is
that it can infect ARM, x64, x86, PowerPC, MIPS, SuperH, and many more architectures. In an IoT
ecosystem which operates under a heterogeneous environment of multiple operating systems,
this advantage makes it extremely threatening.
The botnet was identified when it was found to be linked to telnet attacks
originating from the exit nodes of the Tor network. Security professionals have