Botnets, Bot Herders and Zombies


June 19, 2017


Even though it might sound like a friendly little creature from another planet, a botnet is anything but friendly and it captures its prey with the rapidity of a roadrunner and has a vicelike grip as strong as a snapping turtle (and it won't let go when it thunders).


A botnet (robot network) is a type of malware that an attacker, known as a 'bot herder', uses to take control of infected machines or devices, including mobile devices. A bot is created by a Trojan that has been coded to join a particular chat room (channel), and multiple bots can join one channel controlled by the attacker. The bot herder uses automated techniques to send instructions over the internet or a network that install the 'bot' (malware) program on the device(s), targeting vulnerable systems such as older systems or devices that have not been updated with security patches. The infected machines or devices are sometimes called 'bots' or 'zombies'. Bots are especially good at performing repetitive tasks.

The bot herder can install bots on a single device or on many, and these 'herds' of bot machines, called zombies, can be used to attack or infect other machines. When a network or group of devices has been taken over and is under the control of the same attacker, it is known as a 'botnet'. Once a bot herder takes control of the botnet, which can be done in minutes, the data and resources of the systems it controls are no longer under the control of the legitimate user.

The bot herder controls the botnet through a 'command-and-control' server, sending instructions over the internet or network to collect data, monitor a user, or perform other control actions. Botnets can be used to distribute spam emails, spread viruses, commit fraud and identity theft, and attack computers and servers, even going so far as to deny the legitimate user access by submitting large numbers of requests to a webserver and overloading it, or by bombarding victims with unwanted phone calls. This is known as a DDoS (distributed denial of service) attack. Bot herders can even rent their 'herds' to other cybercriminals while still maintaining control.
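The two behaviours described above, zombies checking in with a command-and-control server and many zombies flooding one webserver, both leave traces in ordinary web-server or proxy logs. The script below is an added example written for this page, not code from the article or from any product it mentions; it runs two simple detections over a constructed sample log. Every address, host name and log line in it is made up for illustration (the `.invalid` names and the `198.51.100.0/24` range are reserved for documentation), and the thresholds (`min_hits`, `min_interval`, `max_jitter`, `window`, `min_requests`, `min_sources`) are assumed starting values that a defender would tune to their own traffic.

```python
"""Added example, not code from the FC&S article: two simple detections a
defender can run over web-server or proxy logs to spot the two botnet
behaviours described above, namely zombies 'phoning home' to a
command-and-control server at a fixed interval (beaconing) and many zombies
flooding one server with requests (DDoS). Every address, host name and log
line below is constructed sample data, not a real indicator."""

from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

EPOCH = datetime(1970, 1, 1)  # naive reference point used for time bucketing


def build_sample_log():
    """Constructed log, format '<timestamp> <src_ip> <dst_host> <method> <path>'.

    10.0.0.5 checks in with a C&C host exactly every 300 s (beacon);
    10.0.0.9 is a person browsing at irregular times (benign);
    198.51.100.1-8 are zombies that each fire five requests at one web server
    inside a single ten-second window (flood)."""
    lines = []
    for i in range(6):
        lines.append(f"2017-06-19T10:{i * 5:02d}:00 10.0.0.5 c2.example.invalid GET /gate.php")
    for t in ("10:01:13", "10:04:02", "10:17:45", "10:18:09"):
        lines.append(f"2017-06-19T{t} 10.0.0.9 news.example.invalid GET /")
    for host in range(8):
        for k in range(5):
            sec = (host + k) % 10
            lines.append(f"2017-06-19T10:20:{sec:02d} 198.51.100.{host + 1} www.example.invalid GET /")
    return "\n".join(lines)


def parse(log_text):
    """Turn log lines into (timestamp, src_ip, dst_host) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _method, _path = line.split(maxsplit=4)
        events.append((datetime.fromisoformat(ts), src, dst))
    return events


def find_beacons(events, min_hits=5, min_interval=30, max_jitter=0.2):
    """Flag (src, dst) pairs whose connection gaps are almost constant.

    Malware checking in on a timer produces gaps with a low coefficient of
    variation (stdev / mean); a person browsing does not. min_interval keeps
    short bursts (floods, not check-ins) out of this detection.
    Returns {(src, dst): average_gap_seconds}."""
    by_pair = defaultdict(list)
    for ts, src, dst in events:
        by_pair[(src, dst)].append(ts)
    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg >= min_interval and pstdev(gaps) / avg <= max_jitter:
            beacons[pair] = avg
    return beacons


def find_floods(events, window=10, min_requests=20, min_sources=5):
    """Flag destinations that receive many requests from many distinct
    clients within one fixed-size window.
    Returns {(dst, window_start_seconds): (request_count, distinct_sources)}."""
    buckets = defaultdict(lambda: [0, set()])
    for ts, src, dst in events:
        secs = int((ts - EPOCH).total_seconds())
        entry = buckets[(dst, secs // window * window)]
        entry[0] += 1
        entry[1].add(src)
    return {key: (n, len(srcs)) for key, (n, srcs) in buckets.items()
            if n >= min_requests and len(srcs) >= min_sources}


if __name__ == "__main__":
    evts = parse(build_sample_log())
    for (src, dst), gap in find_beacons(evts).items():
        print(f"beacon: {src} -> {dst} every {gap:.0f}s")
    for (dst, _start), (n, m) in find_floods(evts).items():
        print(f"flood: {dst} got {n} requests from {m} sources in one window")
```

On the constructed log the beacon check flags only the host that calls `c2.example.invalid` every five minutes, while the irregular browser is ignored, and the flood check flags the one ten-second window in which eight sources sent forty requests to `www.example.invalid`. The distinct-source threshold is what separates a distributed flood from a single misbehaving client, and the minimum-interval floor stops that same burst from being misread as beaconing.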


One particularly sneaky attack involved posting online job opportunities for persons with a computer and home office; it infected computers globally as unsuspecting persons clicked on these bogus job opportunities. Botnets have grown rapidly from hundreds to hundreds of thousands of infected machines, with the largest botnets containing millions of bots. A common risk comes from downloading content from unknown sites or from friends who do not have up-to-date security protections, as companies have no way of defending against malware that is downloaded outside their installed security controls.


In 2014, a botnet known as Gameover Zeus infected between 500,000 and 1 million computers worldwide and inflicted more than $100 million in losses. It started as a spam phishing email that appeared to come from reputable and highly recognized organizations in the banking industry; the emails contained a link that, when opened by the user, led to a fraudulent website where the bot malware was downloaded and run. While communicating with each other, the bots stole usernames and passwords from users on the infected systems and passed this information to servers that relayed the data to the attackers, who then committed cyber burglary by exploiting the security breached by Gameover Zeus. The attackers transferred funds from the compromised bank accounts (some in excess of $1 million) through third parties known as "money mules". "Money mules" are paid to transfer illegally acquired money or product on behalf of others, either electronically or via a courier service. They may be knowingly acting in this capacity, or they may be unaware that their services are being used fraudulently.


Researchers have noted a 69.2% increase in botnet activity in the first part of 2017 over 2016, and this is expected to continue to rise with the discovery of 11 new malware strains in the first quarter. The best defense against bots is a good offense: installing reputable internet security software, promptly updating software with authenticated security patches, such as those from Microsoft, and installing antivirus software and periodically running scans. Care should be taken when opening emails or clicking links from unknown or suspicious sources, connecting USB devices (memory sticks, MP3 players and external hard drives), inserting CDs/DVDs or installing free software, as any of these could contain viruses. It is also a good idea to switch on macro protection in Microsoft Office applications such as Word and Excel.


The purchase of cyber insurance should be considered as a first line of defense in minimizing the effects of an attack. Cyber insurance covers losses relating to damage to, or loss of information from, IT systems and networks. Cyber insurance has been expanding over the ten years or so since it was first made available, and coverage can currently include:

First-party coverages:

·Data breach/crisis management – covers expenses associated with the loss of data and its restoration, and managing the attack, including breach investigation, remediation, public relations costs, legal or regulatory notification requirements, customer service such as call centers or credit monitoring, legal costs including attorney costs and court appearances, and some policies include payment of regulatory fines and penalties;

·Business income – covers loss of income arising out of loss of data and shutdown of systems or network resulting from a breach;

·Extortion liability – covers losses due to extortion threats, including the associated professional fees to deal with an extortion, such as when third parties threaten to damage or release data if a ransom is not paid;

·Theft – covers theft of money or digital assets.

Third-party coverages:

·Security and privacy breach liability – covers the related post-breach investigation, defense costs including court appearances, regulatory fines and civil damages arising from the breach;

·Reputational harm and loss of intellectual property of customers;

·Media liability – covers damages sustained from privacy breach, infringement of property rights and negligence in publication of electronic or print media;

·Network security liability – covers damages to third parties as a result of denial of access and data loss on third-party systems, including loss of payments to customers, and costs related to third-party suppliers, including damages resulting from the failure of software or systems; and

·Risk management – some policies will provide a contact or hot-line to assist the insured from the moment the insurer agrees to a claim, or perhaps will allow the insured to monitor the incident and choose services to use from a list of approved suppliers to manage the breach.


ISO has announced that it will be expanding its cyber program in 2017 and introducing a policy for small to medium-size businesses. Details on this update will be forthcoming when released by ISO.


It pays to be educated and informed when it comes to preventing and mitigating the effects of botnet attacks, as you don't want those zombies sneaking up on you and grabbing your data!