Although it\u2019s sometimes easy to think about threat actors as evil geniuses, the reality is they\u2019re like any other group of people whose goal is to make money with as little effort as possible.That\u2019s clearly seen throughout Netscout\u2019s\u00a02H 2021 Threat Intelligence Report, which highlights several examples where threat actors have improved the efficacy of long-established attack methods via new modifications and strategies. Such is the case for botnets, which have been around since the 1980s.Innovation throughout historyIndeed, a quick history of botnets illustrates how attackers have modified their strategies for using them over the course of 20 years. The first botnets were deployed on server-class computers. Later, attackers began building distributed denial-of-service (DDoS)-capable botnets by compromising personal computers (PCs) \u2013 and attackers continue using compromised PCs to create botnets for launching DDoS attacks today.Today, Internet of Things (IoT) botnets are common, with attackers generally launching DDoS attacks via IoT devices through a common command and control (C2) infrastructure. These botnets soared in popularity after the source code of the Mirai IoT botnet was leaked in 2016.What we\u2019re now seeing is that threat actors have changed up their botnet strategy yet again by increasing the size of IoT botnets, while also conscripting high-powered servers into larger botnets. Servers are being leveraged to launch targeted DDoS attacks against high-value targets. What we saw in the second half of 2021 is that attackers have once again changed strategies to create powerful Mirai botnets.\u00a0What\u2019s happening now?The result is new server-class Mirai botnets that are being used to launch high-impact DDoS attacks. For instance, two direct-path packet-flooding attacks of more than 2.5 Tbps were launched using server-based botnets in the second half of 2021. These are the first terabit-class, direct-path DDoS attacks that have been discovered, and we expect to see more of such attacks.\u00a0But attackers aren\u2019t satisfied with just server-based DDoS botnets. What we\u2019re also seeing is growth in direct-path DDoS attacks in relation to reflection\/amplification attacks. Several trends will likely create ample reason for attackers to continue along this path. These include the introduction of multigigabit consumer internet connectivity, 5G broadband, increasingly powerful home computers, and the continued proliferation of IoT devices.\u00a0Learn more about how attackers use botnets and how that behavior will impact networks around the world in the\u00a02H 2021 Threat Intelligence Report.