One of the key drivers of cyberattacks are Botnets that can distribute malware, ransomware and other malicious pay loads. Security researchers are warning that due to dark web forums now offering lessons to would be criminals, the botnet threat could be on the rise. In other words, criminals on the dark web have found another way to make money as they offer their knowledge to up and coming criminals for an extra dollar. And that’s likely to increase the botnet threat, given time.

In a cyber-criminal-controlled botnet infected computers and devices can be used to send a mass of phishing emails or malware to even more devices. And what’s more botnet operators frequently lease out their collection of unwittingly controlled machines to other criminals. These can number in the thousands.

For instance machines are roped into a botnet via TrickBot malware which in turns provides attackers with an open doorway. Then cybercriminals buy the access to the computers on the dark web to deploy ransomware, using that access to encrypt files. Criminals can then demand a huge ransom payment. In other words, the use of botnets is a way to gain access into a device. Secondly, they are also used to steal usernames and passwords. Lastly, some criminals will take the processing power of the machines they control and lease them out to launch DDoS attacks in order to overflow websites with traffic and take them down. 

As a result, botnet operators can make a lot of money. And with dark web operators who are offering online courses to train others on using botnets, chances are they’ll be more operators making a lot of money. These dark web operators operate much the same as their legitimate counterparts teaching cybersecurity and other skills in online courses. 

Most importantly, take note that these courses are in hot demand as cybersecurity researchers at Recorded Future investigate advertising and activity in botnet school as they go incognito in the prominent underground forum. In other words, this could spell trouble for organisations and a huge issue for any business targeted by cyber criminals that have upskilled in the art of botnets.

The camera may not be on the person teaching, but Danny Panton, cybercrime intelligence analyst at Recorded Future says, “you’ll have a director and they’ll be virtually teaching you, like you’re in college” Botnet students will have access to a platform and will gain insights on how to “leverage botnets against potential victims.” 

The courses cost $1,400 so they aren’t cheap and are taught by individuals who run large botnets themselves. But they promise the student in crime the ability to capitalise on knowledge of how to build, maintain and monetise botnets.

All types of people are taking the course. Those “who are seasoned cybercrime fraudsters but aren’t really familiar with using botnets” and “people who are brand new to cybercrime or those who want to become better seasoned and increase their skills, Panton explained.

When you’re doing business in the criminal world, you might not want to give over any money given the nature of the business and the chances of being scammed are high. But it seems as though this course is real in the sense you are getting what you pay for. For instance, the course can receive reviews which means the botnet school is all above board, in the criminal world. And if it was a scam the course wouldn’t have lasted.

However, while the researcher has a lot of information about the botnet course, they’re not certain of the total number of people who have taken the course. While investigating the activity the researchers could see class numbers varied from 5 to 100 at a time.

The criminals are aware that the authorities will clamp down hard on botnets as seen by the Emotet takedown, so the course includes a subject on how to run a botnet in a way designed to avoid law enforcement attention.

Without being able to track individual users that have taken the course it’s hard to quantify just how much of an increase in the threat botnets will happen because of their newly learned skills. But researchers warn there will be a rise in the threat of botnets due to this type of course.

Panton warns, “It is highly likely that, as a result of these courses, more threat actors become proficient in botnet-oriented attacks”.

Botnets are a significant threat to computer networks and will sadly stay here for the near future. But you can take measures to avoid becoming the next victim.

Avoid risky and dangerous cybersecurity mistakes

Firstly, networks are updated with the latest security patches

Secondly, making sure that default manufacturer passwords aren’t in use and repeated, easy passwords. And better than the best password, is 2FA to improve your security.

Thirdly, ensuring that internet-facing ports that aren’t necessary for the function of devices are closed. 

And if in doubt speak to an IT specialist to ensure you’re properly protected.

How can we make your business better with IT?