In the past, botnets were designed to run repetitive tasks and to help the Internet function properly. However, their effectiveness meant that they eventually became developed for malicious purposes.
According to ITPRO any device that has Internet access is vulnerable, including computers, mobile phones, and tablets. Due to the highly sophisticated and dangerous nature of botnets, they’ve become even more difficult to detect and shut down.
Recently, a new botnet called Hide and Seek malware affected more than 90,000 devices, according to reports by the Health News Office. This botnet is especially alarming because researchers have reported that it persists even after devices have been rebooted.
Botnet attacks are highly problematic on a global scale, so much so that, in HP’s article on ‘Beware of Botnets’ they liken them to a zombie army because of their interconnected nature, spreading from one computer to the next until your network is no longer under your control. Put simply, harmful botnets are made up of a group of infected machines that grow larger by adding new machines through viral attacks and software installations. Need to protect yourself from this growing epidemic? Here’s everything you need to know about how to keep your website safe from these evil bots that have infected millions of systems worldwide:
1. Keep an eye on your website traffic
If your website usually gets 200 hits an hour and suddenly receives millions, you may be feeling great but that’s one clear indicator of a botnet attack. Also, it pays to keep an eye on the coordinates of your visitors – if you have a lot of unexpected traffic from countries where you don’t offer your service, that’s a suspicious sign. “Bot operators may take advantage of cheap or breached hosting services or of malware-infected hosts and run their bots in those countries,” states Forbes in their article on ‘Five Ways to Identify Bot Attacks on Your Site’. That’s why it’s important to have monitoring tools in place as well as alerts to let you know when you receive an excessive amount of visitors targeting your website. However, also keep in mind that Googlebot makes repeated requests to your website that may seem malicious, but search engine crawlers are important if you want your website to rank correctly in searches.
2. Monitor the number of failed login attempts
One common nightmare that companies face is stolen user accounts. Account Takeover (ATO) is defined as a type of identity theft where someone gains unauthorized access to an account belonging to someone else. They do this by using bots that forcibly test different user-password combinations leaked from other sites, perhaps attempting to validate millions of combinations daily. Again, it is helpful to know how many failed attempts you get on a regular basis, so you can set up alerts to inform you of any abnormal activity. Note that advanced attacks from botnets classified as “low and slow” might not trigger user alerts, so make sure that you put global thresholds in place. However, stopping ATO attacks can be difficult. While detecting keystroke activity, for example, can tell you if the user is a bot or not, installing additional verification methods like an SMS or email, to verify user identity might be a helpful tactic.
3. Don’t forget about other access points
Finally, don’t forget about exposed application programming interfaces (APIs) and mobile apps in addition to your website. Nowadays, a lot of companies operate on a multitude of platforms, so it’s best to make sure that all your avenues are protected. Remember to share blocking information between your various systems, because even if your website is sufficiently protected, botnets can still get through to your data using any open backdoor paths.
For further tips on promoting website security, check out our previous post on ‘How to Tell if Your Joomla or WordPress Site is Hacked’.