1
00:00:00,05 --> 00:00:03,00
- [Instructor] While the term botnets may conjure up images

2
00:00:03,00 --> 00:00:06,07
of robots taking over the world like in a sci-fi movie,

3
00:00:06,07 --> 00:00:08,07
the reality is different.

4
00:00:08,07 --> 00:00:12,02
Let's take a look at botnets and DDoS attacks.

5
00:00:12,02 --> 00:00:14,04
A botnet is a collection of computers

6
00:00:14,04 --> 00:00:16,02
or Internet of Things devices,

7
00:00:16,02 --> 00:00:18,06
which have been infected by malware,

8
00:00:18,06 --> 00:00:22,02
allowing a malicious actor to take remote control of them.

9
00:00:22,02 --> 00:00:24,00
Because so many systems can come

10
00:00:24,00 --> 00:00:25,09
under one attacker's control,

11
00:00:25,09 --> 00:00:28,08
botnets can become a serious force multiplier,

12
00:00:28,08 --> 00:00:31,08
allowing an attacker to inflict a lot more damage

13
00:00:31,08 --> 00:00:33,08
than they could accomplish on their own.

14
00:00:33,08 --> 00:00:36,03
And compromised systems that become part of a botnet

15
00:00:36,03 --> 00:00:39,03
are sometimes called zombies because they are no longer

16
00:00:39,03 --> 00:00:41,08
able to control their own actions.

17
00:00:41,08 --> 00:00:44,09
Once compromised, botnets can be used for many types

18
00:00:44,09 --> 00:00:48,03
of cyber attacks, including distributed denial of service,

19
00:00:48,03 --> 00:00:52,00
or DDoS, attacks, spam and phishing campaigns,

20
00:00:52,00 --> 00:00:54,06
spreading malware, brute force

21
00:00:54,06 --> 00:00:58,02
and other cyber attacks, and crypto mining.

22
00:00:58,02 --> 00:01:00,09
The terms botnets and DDoS attacks are related,

23
00:01:00,09 --> 00:01:02,06
but not the same.

24
00:01:02,06 --> 00:01:04,05
Botnets are the actors.

25
00:01:04,05 --> 00:01:07,05
DDoS attacks are the actions.

26
00:01:07,05 --> 00:01:10,09
A DDoS attack is an attempt to make an online service,

27
00:01:10,09 --> 00:01:14,02
usually a website, unavailable by overwhelming it

28
00:01:14,02 --> 00:01:16,07
with traffic from many sources.

29
00:01:16,07 --> 00:01:18,08
With sometimes thousands of zombie computers

30
00:01:18,08 --> 00:01:22,02
at their disposal, attackers will often use botnets

31
00:01:22,02 --> 00:01:23,08
to flood their target websites

32
00:01:23,08 --> 00:01:28,06
with millions of HTTP browser-based requests per second.

33
00:01:28,06 --> 00:01:31,03
These traffic floods can disrupt or completely block

34
00:01:31,03 --> 00:01:34,02
the services of targeted websites,

35
00:01:34,02 --> 00:01:38,04
and DDoS attacks can last hours, days, or even weeks.

36
00:01:38,04 --> 00:01:44,00
In fact, one DDoS attack in 2021 lasted more than 776 hours,

37
00:01:44,00 --> 00:01:46,03
which is over a full month.

38
00:01:46,03 --> 00:01:49,07
DDoS attacks are frequently used for extortion.

39
00:01:49,07 --> 00:01:52,07
The attackers behind botnets will often send emails

40
00:01:52,07 --> 00:01:55,08
to organizations threatening to launch the DDoS attack

41
00:01:55,08 --> 00:01:57,08
if a ransom isn't paid.

42
00:01:57,08 --> 00:01:59,01
If they don't get the ransom,

43
00:01:59,01 --> 00:02:01,04
they'll gradually ramp up the DDoS attack

44
00:02:01,04 --> 00:02:04,08
to put pressure on their victims to pay quickly.

45
00:02:04,08 --> 00:02:06,05
Because botnets are so common

46
00:02:06,05 --> 00:02:08,06
and they can be used to make a lot of money,

47
00:02:08,06 --> 00:02:12,06
some botnet owners sell DDoS attacks as a service.

48
00:02:12,06 --> 00:02:14,08
DDoS as a service enables any criminal

49
00:02:14,08 --> 00:02:17,02
to conduct these attacks without needing

50
00:02:17,02 --> 00:02:20,03
any technical skills or resources of their own.

51
00:02:20,03 --> 00:02:22,06
The ever-increasing number of poorly secured

52
00:02:22,06 --> 00:02:25,08
internet-connected devices and the chance to use them

53
00:02:25,08 --> 00:02:28,08
to make money is driving the growth of botnets

54
00:02:28,08 --> 00:02:30,07
and DDoS attacks.

55
00:02:30,07 --> 00:02:33,07
This is why we can expect botnets and DDoS attacks

56
00:02:33,07 --> 00:02:35,05
to continue playing a big role

57
00:02:35,05 --> 00:02:39,00
in the cybersecurity threat landscape for some time.