Botnet Basics: What They Are and How to Defend Against Attacks

How Individuals and Industries Can Protect Themselves from Botnet Attacks

The amount of internet of things (IoT) botnet-driven DDoS traffic increased by five times since last year. Here is how to protect your personal and professional devices from botnet attacks.

A botnet is a network of connected computers and/or IoT devices that have been infected with a type of malware. The infected devices (zombie bots) are essentially commandeered by an external attacker (the bot herder) and then used to wreak all sorts of havoc, including email and phishing scams, data breaches, DDoS (distributed denial of service) attacks, and more. 

In some cases, a single bot herder sends commands to all the zombie devices through a centralized network. In other cases, the zombies are infected in such a way that they can send commands to each other, an arrangement known as a decentralized, or peer-to-peer, network. Cybercriminals often prefer the latter approach since it obscures where commands are coming from, preventing authorities from discovering their identities.

How prevalent are botnet attacks?

According to a Nokia Threat Intelligence Report published in June 2023, the amount of IoT botnet-driven DDoS traffic increased by five times since last year. Additionally, the number of IoT devices hijacked for botnet attacks rose from 200,000 in 2022 to 1 million in 2023. 

The report attributes these increases to:

  • The ongoing Russia-Ukraine War, which has boosted profit-driven cybercriminal activity
  • The increasing prevalence of IoT devices

Prevention Tactics

Botnet attacks can strike individuals, corporations, governments, and more – no entity is immune. The continually increasing number of IoT devices makes botnet attacks more probable, since these devices tend to have weaker defenses than PCs.

While malicious actors are certainly out there, there are several things individuals and companies can do to be on alert for botnet attacks:

  • Regularly update software: As botnet attacks increase and vary, so do our defenses. However, old versions of software won’t be up to date with the latest protection. Therefore, make sure to always update your software and operating systems. 
  • Take failed log-in attempts seriously: If you receive notifications of several failed log-in attempts, that could be a sign of a botnet trying to gain access to your device. Take appropriate action if this happens. Additionally, you should use 2FA whenever possible. 
  • Never download an unrecognized attachment: This is a good rule of thumb to prevent all types of cyberattacks.
  • Companies should restrict access to their networks whenever possible: Limiting access to your information limits the chances of becoming part of a botnet. Even among employees, grant access only to necessary systems. 
  • Use a reliable antivirus program: Cybersecurity is not the place to cut corners. Make sure to use reliable, high-quality, and comprehensive antivirus protection.  
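
One way to act on the failed log-in advice above, as an added example that is not part of the original article: it scans SSH-style authentication log lines and separates failures spread across many source addresses against one account, the pattern a botnet produces, from repeated failures from a single address. The log lines, the thresholds and the function name `detect_failed_logins` are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in sshd log style; addresses are documentation ranges.
SAMPLE_LOG = """\
2024-03-01T10:00:01 gw sshd[811]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
2024-03-01T10:00:09 gw sshd[812]: Failed password for invalid user admin from 198.51.100.7 port 51800 ssh2
2024-03-01T10:00:15 gw sshd[813]: Failed password for invalid user admin from 203.0.113.5 port 33010 ssh2
2024-03-01T10:00:31 gw sshd[814]: Failed password for invalid user admin from 192.0.2.44 port 46021 ssh2
2024-03-01T10:02:00 gw sshd[820]: Failed password for root from 203.0.113.9 port 50001 ssh2
2024-03-01T10:02:03 gw sshd[820]: Failed password for root from 203.0.113.9 port 50001 ssh2
2024-03-01T10:02:06 gw sshd[821]: Failed password for root from 203.0.113.9 port 50002 ssh2
2024-03-01T10:02:09 gw sshd[821]: Failed password for root from 203.0.113.9 port 50002 ssh2
2024-03-01T10:02:12 gw sshd[822]: Failed password for root from 203.0.113.9 port 50003 ssh2
2024-03-01T10:05:00 gw sshd[830]: Failed password for alice from 198.51.100.20 port 41000 ssh2
2024-03-01T10:05:20 gw sshd[830]: Accepted password for alice from 198.51.100.20 port 41000 ssh2
"""

FAILED = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?(\S+) from (\S+) port \d+")

def detect_failed_logins(log_text, window=timedelta(minutes=5),
                         min_sources=4, min_single=5):
    """Return {account: 'distributed' | 'single-source'} for suspicious accounts."""
    by_user = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            by_user[m[2]].append((datetime.fromisoformat(m[1]), m[3]))
    alerts = {}
    for user, events in by_user.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            ips = [ip for _, ip in events[start:end + 1]]
            if len(set(ips)) >= min_sources:
                # Many addresses, one account: typical of botnet-driven guessing.
                alerts[user] = "distributed"
                break
            if max(ips.count(ip) for ip in set(ips)) >= min_single:
                alerts.setdefault(user, "single-source")
    return alerts

if __name__ == "__main__":
    print(detect_failed_logins(SAMPLE_LOG))
```

A per-address lockout alone would miss the `admin` case here, because no single address fails more than once; counting distinct sources per account is what surfaces it.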

Social Media Bots vs. Botnets

Social media bots and botnets are often used as interchangeable terms, but they are not the same thing. Social media bots are software agents designed to operate partially or completely autonomously on social media, imitating human interactions (but often not getting it quite right). 

Malicious actors often use bots for nefarious purposes on social media, spreading lies and disinformation on a large scale, usually about wars, terrorism, and politics. Bots can operate alone or work as part of a botnet.

Famous botnets

Many botnet attacks have wrought havoc on the world. Here are three of the biggest. 


Mirai

In 2014, disgruntled student Paras Jha launched a DDoS attack (the first of five) on the Rutgers University registration page, using a 40,000-strong botnet to send thousands of fraudulent requests to the university’s server and causing the site to crash. In 2016, he teamed up with two hacker friends to create one of the most devastating botnets at the time, known as Mirai, which spread to 65,000 devices on its first day alone. Mirai used DDoS attacks to take down several major servers, and despite attempts to take it down, still exists today.


Emotet

Emotet was first detected in 2014, its early iterations functioning as a “banking trojan” designed to steal bank credentials from devices connected to the network. Subsequent versions were used as “loaders,” attacks that gain access to devices and make them vulnerable to additional malware attacks. Emotet authors sold it as MaaS – Malware-as-a-Service – offering the botnet to cybercriminals to perform additional crimes. Emotet gained access to devices by sending spam emails with infected attachments (which is why you should never download unrecognized attachments).

In January 2021, law enforcement agencies in the US, UK, Canada, France, Germany, and other countries banded together to put a stop to the international threat, but by November that year, Emotet was back in business. 


RSOCKS

RSOCKS, the Russian-deployed botnet, infected millions of IoT devices, including routers, industrial control systems, and even smart garage doors. It offered its network as a proxy service for cybercriminals to use for all sorts of malware, including spam, DDoS attacks, and bypassing anti-fraud detection systems. In 2022, the US Department of Justice partnered with several international law enforcement partners to take down RSOCKS. The botnet’s administrator, 36-year-old Denis Emelyantsev, pleaded guilty to two counts of computer crime violations in 2023.

Bottom Line

Botnets can attack computers, mobile phones, and any IoT devices in any industry. From education to big tech to government, no industry is immune – and no individuals. As always, the first line of defense is awareness of the existence of botnet attacks. The second is finding and implementing effective antivirus programs to prevent and detect the existence of malware. The third is keeping your eyes open and your ears attuned to industry updates. Cybersecurity practices are very dynamic – staying abreast of changes can help you implement protective measures accordingly.