Attackers are changing their botnet strategies by increasing the size of IoT botnets, while also conscripting high-powered servers.

Although it’s sometimes easy to think about threat actors as evil geniuses, the reality is they’re like any other group of people whose goal is to make money with as little effort as possible.

That’s clearly seen throughout Netscout’s 2H 2021 Threat Intelligence Report, which highlights several examples where threat actors have improved the efficacy of long-established attack methods via new modifications and strategies. Such is the case for botnets, which have been around since the 1980s.

Innovation throughout history

Indeed, a quick history of botnets illustrates how attackers have modified their strategies for using them over the course of 20 years. The first botnets were deployed on server-class computers. Later, attackers began building distributed denial-of-service (DDoS)-capable botnets by compromising personal computers (PCs) – and attackers continue using compromised PCs to create botnets for launching DDoS attacks today.

Today, Internet of Things (IoT) botnets are common, with attackers generally launching DDoS attacks via IoT devices through a common command and control (C2) infrastructure. These botnets soared in popularity after the source code of the Mirai IoT botnet was leaked in 2016.

What we’re now seeing is that threat actors have changed up their botnet strategy yet again by increasing the size of IoT botnets, while also conscripting high-powered servers into larger botnets. Servers are being leveraged to launch targeted DDoS attacks against high-value targets. What we saw in the second half of 2021 is that attackers have once again changed strategies to create powerful Mirai botnets.

What’s happening now?

The result is new server-class Mirai botnets that are being used to launch high-impact DDoS attacks.
For instance, two direct-path packet-flooding attacks of more than 2.5 Tbps were launched using server-based botnets in the second half of 2021. These are the first terabit-class, direct-path DDoS attacks that have been discovered, and we expect to see more of such attacks.

But attackers aren’t satisfied with just server-based DDoS botnets. What we’re also seeing is growth in direct-path DDoS attacks in relation to reflection/amplification attacks.

Several trends will likely create ample reason for attackers to continue along this path. These include the introduction of multigigabit consumer internet connectivity, 5G broadband, increasingly powerful home computers, and the continued proliferation of IoT devices.

Learn more about how attackers use botnets and how that behavior will impact networks around the world in the 2H 2021 Threat Intelligence Report.